Heap Buffer Over-Read Vulnerability in Libarchive Library
CVE-2025-5915

3.9LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-5915?

A vulnerability has been discovered in the Libarchive library that can lead to a heap buffer over-read. This occurs when the size of a filter block exceeds the limits imposed by the Lempel-Ziv-Storer-Schieber (LZSS) window. Consequently, this flaw may allow the library to read data beyond the allocated memory, which can trigger unpredictable behavior, cause program crashes, or expose sensitive information stored in adjacent memory regions.

References

https://access.redhat.com/security/cve/CVE-2025-5915

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2370865

issue-trackingx_refsource_REDHAT

https://github.com/libarchive/libarchive/pull/2599

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Jun 9, 2025

Red Hat

What is CVE-2025-5915?

References

CVSS V3.1

Timeline