CVE-2025-5916 LOW

CVE-2025-5916: Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
Weakness: CWE-190
Published: June 9, 2025
Last update: January 8, 2026

CVSS base score

3.9/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01 Description

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.
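The boundary described above, as an added example that is not libarchive's code: a declared content length is parsed and then extended by 4 bytes only after checking that the addition fits in int64_t. The function names and the reading of the 4 bytes as a fixed trailer after the record content are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumption for this example: a fixed 4 bytes are consumed after the
 * content block, which is why the limit is INT64_MAX - 4. */
#define WARC_TRAILER_LEN 4

/* Parse a declared content length into *out. Returns 0 on success, -1 if
 * the text is empty, signed, non-numeric, or too large for int64_t. */
int parse_content_length(const char *s, int64_t *out)
{
    char *end;
    long long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;              /* also rejects "-5", "+5" and leading spaces */
    errno = 0;
    v = strtoll(s, &end, 10);
    if (errno == ERANGE)
        return -1;              /* value above INT64_MAX */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0')
        return -1;              /* trailing garbage such as "12abc" */
    *out = (int64_t)v;
    return 0;
}

/* Bytes to skip to reach the next record: content plus trailer.
 * Returns -1 rather than performing an addition that would overflow. */
int64_t warc_skip_length(int64_t content_len)
{
    if (content_len < 0 || content_len > INT64_MAX - WARC_TRAILER_LEN)
        return -1;
    return content_len + WARC_TRAILER_LEN;
}

/* Hypothetical helper combining both checks for one header value. */
int64_t skip_length_from_header(const char *value)
{
    int64_t len;

    if (parse_content_length(value, &len) != 0)
        return -1;
    return warc_skip_length(len);
}
```

A caller would treat -1 as a malformed archive and stop reading instead of continuing with a wrapped length.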

Key dates

02 Disclosure timeline

June 9, 2025: CVE published
January 8, 2026: Record updated