CVE-2025-5914

Published: Jun 9, 2025

Modified: Jun 5, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Vendor	Product	Versions
Unknown	libarchive	affected `0 - < 3.8.0`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:3.7.7-4.el10_0 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:3.1.2-14.el7_9.1 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.3.3-6.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:3.3.2-8.el8_2.1 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:3.3.3-1.el8_4.1 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	unaffected `0:3.3.3-1.el8_4.1 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:3.3.3-6.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:3.3.3-6.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:3.3.3-6.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	unaffected `0:3.3.3-5.el8_8.1 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	unaffected `0:3.3.3-5.el8_8.1 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.5.3-6.el9_6 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.5.3-6.el9_6 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:3.5.3-2.el9_0.1 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	unaffected `0:3.5.3-5.el9_2 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:3.5.3-4.el9_4.1 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.14	unaffected `414.92.202510211419-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.15	unaffected `415.92.202601271320-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.16	unaffected `416.94.202601071926-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.17	unaffected `417.94.202510112152-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.18	unaffected `418.94.202510230424-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.19	unaffected `4.19.9.6.202510140714-0 - < *`
Red Hat	Red Hat OpenShift Container Platform 4.20	unaffected `4.20.9.6.202509251656-0 - < *`
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	unaffected `1.11-19 - < *`
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	unaffected `1.11-8 - < *`
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	unaffected `1.12-4 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-11 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-11 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-11 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-10 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-10 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-4 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-9 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-12 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-18 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-11 - < *`
Red Hat	RHOSS-1.36-RHEL-8	unaffected `1.36.0-7 - < *`
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	unaffected `v1.16.5-1760515757 - < *`
Red Hat	OpenShift Compliance Operator 1	unaffected `1.8.0 - < *`
Red Hat	OpenShift Compliance Operator 1	unaffected `1.8.0 - < *`
Red Hat	OpenShift Compliance Operator 1	unaffected `1.8.0 - < *`
Red Hat	OpenShift File Integrity Operator - FIO 1	unaffected `v1.3 - < *`
Red Hat	Red Hat Discovery 2	unaffected `2.2.1-1758555934 - < *`
Red Hat	Red Hat Insights proxy 1.5	unaffected `1.5.6-1756187445 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116455 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116482 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116441 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116449 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116439 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116447 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756128595 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756125872 - < *`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	unaffected `rhosdt-3.5-1756116445 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757422110 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757421846 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757421804 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757422070 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757421879 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757422401 - < *`
Red Hat	Red Hat OpenShift sandboxed containers 1.1	unaffected `1.10.2-1757421890 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions