Vulnerability Description
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.
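As an added illustration (not libarchive's own code and not the fix from the referenced pull request), the C below shows the bound a WARC reader needs before it adds the record's trailing separator to a declared Content-Length. It assumes, as the description's "INT64_MAX - 4" suggests, that the reader adds a 4-byte trailer (the CRLFCRLF that ends a WARC record) to the declared body length; the header-scanning helper, the `WARC_TRAILER_LEN` constant and the sample headers are constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for this example: the reader computes the full record size as
 * content_length + 4 (body plus CRLFCRLF). Adding 4 to a declared length above
 * INT64_MAX - 4 overflows int64_t, so the length must be bounded first. */
#define WARC_TRAILER_LEN 4

/* Hypothetical helper: find a header field at the start of a line in a WARC
 * record header block and return a pointer just past the ':'. */
static const char *warc_find_header(const char *hdr, const char *name)
{
    size_t n = strlen(name);
    const char *p = hdr;
    while ((p = strstr(p, name)) != NULL) {
        if ((p == hdr || p[-1] == '\n') && p[n] == ':')
            return p + n + 1;
        p += n;
    }
    return NULL;
}

/* Parse Content-Length from a WARC record header and compute the total record
 * size (body plus trailer). Returns 0 and stores the size in *total on
 * success; returns -1 if the field is missing, is not a plain non-negative
 * decimal, does not fit in int64_t, or is so large that adding the trailer
 * would overflow. */
int warc_record_size(const char *hdr, int64_t *total)
{
    const char *p = warc_find_header(hdr, "Content-Length");
    char *end;
    long long val;

    if (p == NULL)
        return -1;
    while (*p == ' ' || *p == '\t')
        p++;

    errno = 0;
    val = strtoll(p, &end, 10);
    if (end == p || errno == ERANGE)      /* no digits, or beyond long long */
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\r' && *end != '\n' && *end != '\0')
        return -1;                        /* trailing garbage such as "12abc" */
    if (val < 0)
        return -1;
    /* The bound this CVE is about: reject before the addition, not after. */
    if (val > INT64_MAX - WARC_TRAILER_LEN)
        return -1;

    *total = (int64_t)val + WARC_TRAILER_LEN;
    return 0;
}

/* Convenience wrapper: the record size, or -1 when the header is rejected. */
int64_t warc_checked_size(const char *hdr)
{
    int64_t total;
    return warc_record_size(hdr, &total) == 0 ? total : -1;
}

int main(void)
{
    /* Constructed sample headers for this example. */
    const char *ok = "WARC/1.0\r\nWARC-Type: response\r\n"
                     "Content-Length: 1234\r\n\r\n";
    const char *huge = "WARC/1.0\r\nContent-Length: 9223372036854775804\r\n\r\n";

    printf("normal record size: %lld\n", (long long)warc_checked_size(ok));
    if (warc_checked_size(huge) < 0)
        printf("rejected: Content-Length exceeds INT64_MAX - 4\n");
    return 0;
}
```

The rejection happens on the parsed value, before any arithmetic, which is the only place a signed-overflow check is meaningful in C; a declared length of exactly INT64_MAX - 4 is still accepted, because adding the trailer then lands exactly on INT64_MAX.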
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libarchive | libarchive | < 3.8.0 |
| Red Hat | OpenShift Container Platform | 4.0 |
| Red Hat | Enterprise Linux | 6.0 |
References
- https://access.redhat.com/security/cve/CVE-2025-5916 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2370872 (Issue Tracking)
- https://github.com/libarchive/libarchive/pull/2568 (Patch)
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0 (Release Notes)
FAQ
What is CVE-2025-5916?
CVE-2025-5916 is a vulnerability with a CVSS score of 3.9 (LOW). A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes.
How severe is CVE-2025-5916?
CVE-2025-5916 has been rated LOW with a CVSS base score of 3.9/10; see the CVSS Score section above.
Is there a patch for CVE-2025-5916?
The fix is in libarchive 3.8.0; see the References section above for the vendor advisory, the upstream pull request, and the release notes. Affected products include libarchive, Red Hat OpenShift Container Platform, and Red Hat Enterprise Linux.