CVE-2025-5914

Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Published: 6/9/2025
Last updated: 11/22/2025
Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.3 | High | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |

Opam packages affected (1)

conf-cpio

Products affected (87)

Product Vendor Version
cert-manager operator for Red Hat OpenShift 1.16 Red Hat n/a
Compliance Operator 1 Red Hat < 5.2.36
Compliance Operator 1 Red Hat < 5.2.7
Compliance Operator 1 Red Hat < 135.0.3179.54
Compliance Operator 1 Red Hat unspecified
Compliance Operator 1 Red Hat < publication
Compliance Operator 1 Red Hat 2.0
File Integrity Operator 1 Red Hat Snapdragon X75 5G Modem-RF System
Red Hat Discovery 2 Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat WCD9340
Red Hat Insights proxy 1.5 Red Hat unspecified
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat 10 Version 1803 for 32-bit Systems
Red Hat Enterprise Linux 9 Red Hat all versions as of 2019-04-03
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat <= 1.4.1
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat 2019
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat 2019 (Core installation)
Red Hat Enterprise Linux 6 Red Hat < 10.0.19043.2006
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat 7.20EXT
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat 10 Version 1809 for ARM64-based Systems
Red Hat Enterprise Linux 8 Red Hat 10 Version 1809 for 32-bit Systems
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier, Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, and L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat 10 Version 1803 for ARM64-based Systems
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat 10 Version 1803 for x64-based Systems
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat <= 4.1.8
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat < publication
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat <= 2.1.2
10 Version 1809 for x64-based Systems
Red Hat Enterprise Linux 6 Red Hat < 6.5.2.
< 6.3.9600.20402
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat < 31cb32a590d62b18f69a9a6d433f4e69c74fdd56
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat < 6.14
Red Hat Enterprise Linux 9 Red Hat 6.14
Red Hat Enterprise Linux 9 Red Hat < 770c8d55c42868239c748a3ebc57c9e37755f842
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat < publication
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat < 60.2
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat All versions < V2.18
Red Hat OpenShift sandboxed containers 1.1 Red Hat from 5.3.0 prior to 5.3.4
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat QAM8255P
Red Hat OpenShift sandboxed containers 1.1 Red Hat 12.2.5
Red Hat OpenShift sandboxed containers 1.1 Red Hat from 5.4.0 prior to 5.4.2
Red Hat OpenShift sandboxed containers 1.1 Red Hat n/a
Red Hat OpenShift sandboxed containers 1.1 Red Hat WSA8835
Red Hat OpenShift sandboxed containers 1.1 Red Hat from 5.5.0 prior to 5.5.1
Red Hat OpenShift sandboxed containers 1.1 Red Hat < publication
Red Hat OpenShift sandboxed containers 1.1 Red Hat 10 Version 1809 for x64-based Systems
Red Hat OpenShift sandboxed containers 1.1 Red Hat QCA6574
Red Hat OpenShift Container Platform 4.18 Red Hat n/a
Red Hat OpenShift Container Platform 4.17 Red Hat n/a
Red Hat OpenShift Container Platform 4.18 Red Hat QCA6584AU
Red Hat OpenShift Container Platform 4.19 Red Hat QCA6698AQ
Red Hat OpenShift Container Platform 4.20 Red Hat 5.15
Red Hat OpenShift Container Platform 4.14 Red Hat < publication
Red Hat OpenShift Container Platform 4.17 Red Hat version 1803 (Core Installation)
Red Hat OpenShift Container Platform 4.19 Red Hat n/a
Red Hat OpenShift Container Platform 4.20 Red Hat n/a
Red Hat OpenShift Container Platform 4.14 Red Hat < 5.2.0.4
Red Hat OpenShift distributed tracing 3.5.2 Red Hat unspecified
Red Hat OpenShift distributed tracing 3.5.2 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.2 Red Hat from 3.7.0 prior to 4.14.11
Red Hat OpenShift distributed tracing 3.5.2 Red Hat < publication
Red Hat OpenShift distributed tracing 3.5.2 Red Hat WCD9370
Red Hat OpenShift distributed tracing 3.5.2 Red Hat 1.0.5.0
Red Hat OpenShift distributed tracing 3.5.2 Red Hat 10 Version 1607 for 32-bit Systems
Red Hat OpenShift distributed tracing 3.5.2 Red Hat 12.1.1
Red Hat OpenShift distributed tracing 3.5.2 Red Hat from 5.0.0 prior to 5.0.9
Red Hat OpenShift distributed tracing 3.5.2 Red Hat AR8035
Red Hat OpenShift distributed tracing 3.5.2 Red Hat from 5.1.0 prior to 5.1.8
Red Hat OpenShift distributed tracing 3.5.2 Red Hat from 5.2.0 prior to 5.2.6
Red Hat OpenShift distributed tracing 3.5.2 Red Hat n/a
Red Hat OpenShift distributed tracing 3.5.2 Red Hat WCN3988
Red Hat OpenShift distributed tracing 3.5.2 Red Hat <= 2.2.4
Red Hat OpenShift distributed tracing 3.5.2 Red Hat 4.1.2cu.5232_B20210713
Red Hat OpenShift distributed tracing 3.5.2 Red Hat Flight RB5 5G Platform
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat QCN6274
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat unspecified
Red Hat Web Terminal 1.12 on RHEL 9 Red Hat n/a
Red Hat Web Terminal 1.12 on RHEL 9 Red Hat Qualcomm Video Collaboration VC3 Platform
Red Hat Web Terminal 1.11 on RHEL 9 Red Hat <= *

References (59)