Vulnerability Description
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libarchive | Libarchive | < 3.8.0 |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2025-5915Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2370865Issue Tracking
- https://github.com/libarchive/libarchive/pull/2599Patch
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0Release Notes
FAQ
What is CVE-2025-5915?
CVE-2025-5915 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZS...
How severe is CVE-2025-5915?
CVE-2025-5915 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5915?
Check the references section above for vendor advisories and patch information. Affected products include: Libarchive Libarchive, Redhat Openshift Container Platform, Redhat Enterprise Linux.