Описание
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Ссылки
- Link for SUSE-SU-2025:02522-1
- E-Mail link for SUSE-SU-2025:02522-1
- SUSE Security Ratings
- SUSE Bug 1244270
- SUSE Bug 1244272
- SUSE CVE CVE-2025-5914 page
- SUSE CVE CVE-2025-5916 page
Описание
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Затронутые продукты
Ссылки
- CVE-2025-5914
- SUSE Bug 1244272
Описание
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.
Затронутые продукты
Ссылки
- CVE-2025-5916
- SUSE Bug 1244270