PT-2025-24556 · Unknown+6 · Libarchive+6

Carnil · Published 2025-04-07 · Updated 2026-04-02 · CVE-2025-5917

CVSS v3.1: 5.0 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libarchive (affected versions not specified)

Description: A flaw has been identified in the libarchive library involving an off-by-one miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow, potentially corrupting adjacent memory and causing unpredictable program behavior or crashes, and it could be used as a building block for more sophisticated exploitation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption


Weakness Enumeration

Related Identifiers

AZL-63756
AZL-63777
AZL-63818
AZL-63854
BDU:2025-11084
CVE-2025-5917
DLA-4368-1
ECHO-F0A0-988F-D29C
JLSEC-2025-247
MGASA-2025-0200
OESA-2025-1623
OESA-2025-1624
OESA-2025-1656
OESA-2025-1657
OESA-2025-1658
SUSE-SU-2025:02566-1
SUSE-SU-2025:02718-1
SUSE-SU-2025:02718-2
SUSE-SU-2025:20560-1
SUSE-SU-2025:20594-1
SUSE-SU-2025_02566-1
SUSE-SU-2025_02718-2
USN-7601-1
USN-8147-1

Affected Products

Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Libarchive