CVE-2025-5916

Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

Published: 6/9/2025 Last updated: 12/12/2025 Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.9	Low	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

Opam packages affected (1)

conf-cpio

Products affected (5)

Product	Vendor	Version
Red Hat Enterprise Linux 10	Red Hat	2010 Service Pack 2
Red Hat Enterprise Linux 6	Red Hat	< 4.9.14.0
Red Hat Enterprise Linux 8	Red Hat	1.0.0 to 1.7.0
Red Hat Enterprise Linux 9	Red Hat	<= 15.0
Red Hat OpenShift Container Platform 4	Red Hat	12.0(1)SU1

CVE-2025-5916

Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

Metrics

Opam packages affected (1)

Products affected (5)

References (4)