CVE-2025-5915

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-5915
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

3.9 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2025-5915
https://bugzilla.redhat.com/show_bug.cgi?id=2370865
https://github.com/libarchive/libarchive/pull/2599
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
Configurations

No configuration.

History

12 Jun 2025, 16:06

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en la librería libarchive. Esta falla puede provocar una sobrelectura del búfer de memoria dinámica (heap buffer) debido a que el tamaño de un bloque de filtro puede exceder la ventana Lempel-Ziv-Storer-Schieber (LZSS). Esto significa que la librería podría intentar leer más allá del búfer de memoria asignado, lo que puede provocar un comportamiento impredecible del programa, fallos (denegación de servicio) o la divulgación de información confidencial de regiones de memoria adyacentes.

09 Jun 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-09 20:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-5915

Mitre link : CVE-2025-5915

CVE.ORG link : CVE-2025-5915

JSON object : View

Products Affected

No product.

CWE
CWE-122

Heap-based Buffer Overflow