CVE-2025-5918
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A vulnerability has been identified in the libarchive library, triggered when file streams are piped into bsdtar, causing an out-of-bounds read. This can lead to unpredictable program behavior, memory corruption, or denial of service.
Risk Assessment
The risk for the organization includes potential disruption of services using libarchive, leading to system unavailability or data loss due to memory corruption.
Recommendation
It is recommended to immediately update the libarchive library to the latest patched version and avoid processing untrusted file streams with bsdtar until the patch is applied.
Original NVD description (English source)
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

