CVE-2025-5916 PUBLISHED

Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

Assigner: redhat
Reserved: 09.06.2025 Published: 09.06.2025 Updated: 10.06.2025

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
CVSS Score: 3.9

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat OpenShift Container Platform 4
Versions	Default: affected

Workarounds

Upgrade to libarchive version 3.8.0 or later, which includes important security fixes and stability improvements.

References

Problem Types

Integer Overflow or Wraparound CWE