CVE-2025-5918

Libarchive: reading past eof may be triggered for piped file streams

Published: 6/9/2025 Last updated: 1/8/2026 Reserved: 6/9/2025

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.9	Low	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

Opam packages affected (1)

conf-cpio

Products affected (0)

No product listed.

References (8)

https://access.redhat.com/security/cve/CVE-2025-5918
https://bugzilla.redhat.com/show_bug.cgi?id=2370877
https://github.com/libarchive/libarchive/pull/2584
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5918
https://bugzilla.redhat.com/show_bug.cgi?id=2370877
https://github.com/libarchive/libarchive/pull/2584
https://github.com/libarchive/libarchive/releases/tag/v3.8.0