CVE-2025-5914

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Published: 6/9/2025 Last updated: 6/20/2025 Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 3.9 | Low | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L |

Opam packages affected (1)

conf-cpio

Products affected (12)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 10 | Red Hat | QCA6698AQ |
| Red Hat Enterprise Linux 6 | Red Hat | QCA8081 |
| Red Hat Enterprise Linux 7 | Red Hat | 12.5(1)SR2 |
| Red Hat Enterprise Linux 8 | Red Hat | QCA8337 |
| Red Hat Enterprise Linux 9 | Red Hat | 10.2(1)SR1 |
| Red Hat Enterprise Linux 8 | Red Hat | 10.1.6 |
| Red Hat Enterprise Linux 9 | Red Hat | >= 2.6.0, < 2.6.3 |
| Red Hat Enterprise Linux 10 | Red Hat | < 19.02.2024 |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | < unspecified |
| Red Hat OpenShift Container Platform 4 | Red Hat | n/a |
| Red Hat OpenShift Container Platform 4 | Red Hat | n/a |

References (10)