CVE Catalog

CVE-2025-5917

LowCVSS 2.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

An off-by-one vulnerability has been identified in the libarchive library when handling file name prefixes and suffixes. This flaw causes a 1-byte write overflow, potentially corrupting adjacent memory and leading to unpredictable program behavior or crashes.

Risk Assessment

This vulnerability could allow an attacker to destabilize the system by crashing applications using libarchive, and under favorable conditions, it may be used as a building block for more sophisticated attacks leading to control compromise.

Recommendation

Immediately update the libarchive library to version 3.8.0 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS