Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02522-1

Опубликовано: 25 июл. 2025
Источник: suse-cvrf

Описание

Security update for libarchive

This update for libarchive fixes the following issues:

  • CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
  • CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libarchive-devel-3.3.3-32.14.1
libarchive13-3.3.3-32.14.1

Описание

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.


Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1

Ссылки

Описание

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.


Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive-devel-3.3.3-32.14.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libarchive13-3.3.3-32.14.1

Ссылки