Unrated severity · OSV Advisory · Published Jun 9, 2025 · Updated Jan 8, 2026
Libarchive: reading past eof may be triggered for piped file streams
CVE-2025-5918
Description
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
Affected products (22)
v3.0.0a, v3.0.1b, v3.1.900a, … (+ 1 more)
- (no CPE) range: v3.0.0a, v3.0.1b, v3.1.900a, …
- (no CPE)
osv-coords (20 versions): < 3.7.2-150600.3.17.1 (+ 19 more)
- pkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 3.7.2-150600.3.17.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE) range: < 3.7.2-150600.3.17.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE) range: < 3.7.2-150600.3.17.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 (no CPE) range: < 3.7.2-150600.3.17.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 (no CPE) range: < 3.7.2-150600.3.17.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Micro%206.0 (no CPE) range: < 3.6.2-5.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Micro%206.1 (no CPE) range: < 3.7.4-slfo.1.1_3.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Manager%20Proxy%20LTS%204.3 (no CPE) range: < 3.5.1-150400.3.21.1
- pkg:rpm/suse/libarchive&distro=SUSE%20Manager%20Server%20LTS%204.3 (no CPE) range: < 3.5.1-150400.3.21.1
References (4)
- access.redhat.com/security/cve/CVE-2025-5918 (mitre; vdb-entry; x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre; issue-tracking; x_refsource_REDHAT)
- github.com/libarchive/libarchive/pull/2584 (mitre)
- github.com/libarchive/libarchive/releases/tag/v3.8.0 (mitre)