CVE-2025-5914

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Published: 6/9/2025 Last updated: 2/5/2026 Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.8 | High | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

Opam packages affected (1)

conf-cpio

Products affected (14)

| Product | Vendor | Version |
|---|---|---|
| | | < 10.0.25398.950 |
| Red Hat Enterprise Linux 10 | Red Hat | < 10.0.10240.20680 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | Red Hat | < 10.0.14393.7070 |
| Red Hat Enterprise Linux 8 | Red Hat | < 10.0.14393.7070 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | < 10.0.14393.7070 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | Red Hat | < 16.8.6 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | Red Hat | < 16.9.4 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | Red Hat | < 16.10.2 |
| Red Hat OpenShift Container Platform 4.14 | Red Hat | < 2.0.0 |
| Red Hat OpenShift Container Platform 4.15 | Red Hat | < 6.4.3 |
| Red Hat OpenShift Container Platform 4.16 | Red Hat | < 5.15 |
| Red Hat OpenShift distributed tracing 3.5.1 | Red Hat | n/a |
| Red Hat OpenShift distributed tracing 3.5.1 | Red Hat | python 3.10.0b1, python 3.9.5, python 3.8.11, python 3.7.11, python 3.6.14 |
| Red Hat OpenShift distributed tracing 3.5.1 | Red Hat | n/a |

References (66)