
CVE-2025-5914

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Published: 6/9/2025
Last updated: 6/5/2026
Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

Version   Score   Severity   Vector String
3.1       7.8     High       CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (1)

conf-cpio

Products affected (121)

Product Vendor Version
cert-manager operator for Red Hat OpenShift 1.16 Red Hat 8.7
cert-manager operator for Red Hat OpenShift 1.16 Red Hat 3.1
OpenShift Compliance Operator 1 Red Hat < 10.0.26100.4349
OpenShift Compliance Operator 1 Red Hat n/a
OpenShift Compliance Operator 1 Red Hat n/a
OpenShift Compliance Operator 1 Red Hat 2013 Service Pack 1 (32-bit editions)
OpenShift Compliance Operator 1 Red Hat n/a
OpenShift Compliance Operator 1 Red Hat n/a
OpenShift File Integrity Operator - FIO 1 Red Hat n/a
OpenShift File Integrity Operator - FIO 1 Red Hat n/a
Red Hat Discovery 2 Red Hat 2013 Service Pack 1 (64-bit editions)
Red Hat Discovery 2 Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Cumulative Update 12
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat n/a
< 68.0.3440.75
Red Hat Enterprise Linux 10 Red Hat SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat (Server Core installation)
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat < 10.0.14393.8148
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Version 1607 for 32-bit Systems
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat Service Pack 3 Update Rollup 26
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Version 1607 for x64-based Systems
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Version 1703 for 32-bit Systems
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Cumulative Update 22
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat Version 1703 for x64-based Systems
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A.
Red Hat Enterprise Linux 9 Red Hat < 10.0.14393.8148
Red Hat Enterprise Linux 9 Red Hat Version 1709 for 32-bit Systems
Red Hat Enterprise Linux 6 Red Hat n/a
Web Apps Server 2013 Service Pack 1
Red Hat Enterprise Linux 10 Red Hat 8.1.1
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat 7.8.1
Red Hat Enterprise Linux 8 Red Hat 6.2
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat 7.6.1
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 7 for 32-bit Systems Service Pack 1
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat 6.2
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat (Server Core installation)
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat x64-based systems
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Itanium-Based Systems Service Pack 1
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat x64-based Systems Service Pack 1
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat 5.0.x up to, excluding 5.0.17
Red Hat Enterprise Linux 9 Red Hat 2008 for 32-bit Systems Service Pack 2 (Core installation)
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat 2016
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Version 1703 for 32-bit Systems
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat Version 1607 for x64-based Systems
Red Hat OpenShift sandboxed containers 1.1 Red Hat < publication
Red Hat OpenShift sandboxed containers 1.1 Red Hat <= 6.2.4
Red Hat OpenShift sandboxed containers 1.1 Red Hat 2016 for Mac
Red Hat OpenShift sandboxed containers 1.1 Red Hat 6.3.0
Red Hat OpenShift sandboxed containers 1.1 Red Hat Version 1703 for x64-based Systems
Red Hat OpenShift sandboxed containers 1.1 Red Hat 2019 for 32-bit editions
Red Hat OpenShift sandboxed containers 1.1 Red Hat 6.3.2
Red Hat OpenShift sandboxed containers 1.1 Red Hat 5.6.41 and prior
Red Hat OpenShift sandboxed containers 1.1 Red Hat 6.3.3
Red Hat OpenShift sandboxed containers 1.1 Red Hat Version 1803 for x64-based Systems
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat 2019 for 64-bit editions
Red Hat OpenShift sandboxed containers 1.1 Red Hat < 2026.2.13
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat 6.1
RHOSS-1.36-RHEL-8 Red Hat < publication
RHOSS-1.36-RHEL-8 Red Hat < 10.0.17763.7434
RHOSS-1.36-RHEL-8 Red Hat 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50
RHOSS-1.36-RHEL-8 Red Hat 7.3
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat < 10.0.20348.3807
RHOSS-1.36-RHEL-8 Red Hat < 5.2.16
RHOSS-1.36-RHEL-8 Red Hat Windows Server 2012 R2
RHOSS-1.36-RHEL-8 Red Hat 7.7.1
RHOSS-1.36-RHEL-8 Red Hat MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016
RHOSS-1.36-RHEL-8 Red Hat 8.1
RHOSS-1.36-RHEL-8 Red Hat < 10.0.25398.1665
RHOSS-1.36-RHEL-8 Red Hat n/a
RHOSS-1.36-RHEL-8 Red Hat APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
RHOSS-1.36-RHEL-8 Red Hat 6.4
RHOSS-1.36-RHEL-8 Red Hat 2010 Service Pack 2 (32-bit editions)
RHOSS-1.36-RHEL-8 Red Hat 2010 Service Pack 2 (64-bit editions)
RHOSS-1.36-RHEL-8 Red Hat 7.3
Red Hat OpenShift Container Platform 4.17 Red Hat Cumulative Update 1
Red Hat OpenShift Container Platform 4.14 Red Hat Version 1709 for 32-bit Systems
Red Hat OpenShift Container Platform 4.15 Red Hat Version 1709 for x64-based Systems
Red Hat OpenShift Container Platform 4.16 Red Hat 7.6.1
Red Hat OpenShift Container Platform 4.17 Red Hat unspecified
Red Hat OpenShift Container Platform 4.18 Red Hat N/A
Red Hat OpenShift Container Platform 4.19 Red Hat 8.1.1
Red Hat OpenShift Container Platform 4.20 Red Hat 6.4
Red Hat OpenShift Container Platform 4.14 Red Hat n/a
Red Hat OpenShift Container Platform 4.15 Red Hat Version 1709 for x64-based Systems
Red Hat OpenShift Container Platform 4.20 Red Hat 2016 for Mac
Red Hat OpenShift Container Platform 4.19 Red Hat version 1709 (Server Core Installation)
Red Hat OpenShift Container Platform 4.18 Red Hat < 10.0.17763.7434
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat 2013 RT Service Pack 1
Red Hat OpenShift distributed tracing 3.5.1 Red Hat 2019
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat < 10.0.26100.4349
Red Hat OpenShift distributed tracing 3.5.1 Red Hat < 70d1aa4cc4d7b940180553a63805c22fc62e2cf0
Red Hat OpenShift distributed tracing 3.5.1 Red Hat 2016 for x64-based Systems Service Pack 2
Red Hat OpenShift distributed tracing 3.5.1 Red Hat 2016 (32-bit edition)
Red Hat OpenShift distributed tracing 3.5.1 Red Hat < publication
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat (Server Core installation)
Red Hat OpenShift distributed tracing 3.5.1 Red Hat < publication
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat = 7.31
Red Hat OpenShift distributed tracing 3.5.1 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.1 Red Hat 2016 (64-bit edition)
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat 7.6
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.12 on RHEL 9 Red Hat 2017.07, 2017.11, 2018.02
Red Hat Web Terminal 1.12 on RHEL 9 Red Hat Windows 10 Version 1703 for 32-bit Systems

References (66)