CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Libarchive	Libarchive	*	3.8.0 (excluding)
Red Hat Enterprise Linux 10	RedHat	libarchive-0:3.7.7-4.el10_0	*
Red Hat Enterprise Linux 7 Extended Lifecycle Support	RedHat	libarchive-0:3.1.2-14.el7_9.1	*
Red Hat Enterprise Linux 8	RedHat	libarchive-0:3.3.3-6.el8_10	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	libarchive-0:3.3.2-8.el8_2.1	*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	RedHat	libarchive-0:3.3.3-1.el8_4.1	*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	RedHat	libarchive-0:3.3.3-1.el8_4.1	*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	RedHat	libarchive-0:3.3.3-5.el8_8.1	*
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	RedHat	libarchive-0:3.3.3-5.el8_8.1	*
Red Hat Enterprise Linux 9	RedHat	libarchive-0:3.5.3-6.el9_6	*
Red Hat Enterprise Linux 9	RedHat	libarchive-0:3.5.3-6.el9_6	*
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	RedHat	libarchive-0:3.5.3-2.el9_0.1	*
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	RedHat	libarchive-0:3.5.3-5.el9_2	*
Red Hat Enterprise Linux 9.4 Extended Update Support	RedHat	libarchive-0:3.5.3-4.el9_4.1	*
Red Hat OpenShift Container Platform 4.14	RedHat	rhcos	*
Red Hat OpenShift Container Platform 4.17	RedHat	rhcos	*
Red Hat OpenShift Container Platform 4.18	RedHat	rhcos	*
Red Hat OpenShift Container Platform 4.19	RedHat	rhcos	*
Red Hat OpenShift Container Platform 4.20	RedHat	rhcos	*
Red Hat Web Terminal 1.11 on RHEL 9	RedHat	web-terminal/web-terminal-rhel9-operator:1.11-19	*
Red Hat Web Terminal 1.11 on RHEL 9	RedHat	web-terminal/web-terminal-tooling-rhel9:1.11-8	*
Red Hat Web Terminal 1.12 on RHEL 9	RedHat	web-terminal/web-terminal-tooling-rhel9:1.12-4	*
Cert-manager operator for Red Hat OpenShift 1.16	RedHat	cert-manager/jetstack-cert-manager-rhel9:sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b	*
Red Hat Discovery 2	RedHat	discovery/discovery-server-rhel9:sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda	*
Red Hat Insights proxy 1.5	RedHat	insights-proxy/insights-proxy-container-rhel9:sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-agent-rhel8:sha256:73ddf7caa420d1cb2027068dabcc7bbf07fdd160135ab12ad0656cec5dbef185	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-all-in-one-rhel8:sha256:540ed092ec7c7e8e07927636ccdb04a662a7108c295f793028494c9184bdf85b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-collector-rhel8:sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-es-index-cleaner-rhel8:sha256:e17c9de114b6b89e9c66642ab5f95b62321d367b6d22be1464cf89dbc3ead673	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-es-rollover-rhel8:sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-ingester-rhel8:sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-operator-bundle:sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-query-rhel8:sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-rhel8-operator:sha256:bec83c93d089d4ec7a8e00c0b1a94732c0e083ed216978fd1214ef9bea1082dd	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9:sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9:sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-monitor-rhel9:sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-must-gather-rhel9:sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-podvm-builder-rhel9:sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-podvm-payload-rhel9:sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-rhel9-operator:sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65	*
Libarchive	Ubuntu	devel	*
Libarchive	Ubuntu	esm-infra-legacy/trusty	*
Libarchive	Ubuntu	esm-infra/bionic	*
Libarchive	Ubuntu	esm-infra/focal	*
Libarchive	Ubuntu	esm-infra/xenial	*
Libarchive	Ubuntu	jammy	*
Libarchive	Ubuntu	noble	*
Libarchive	Ubuntu	oracular	*
Libarchive	Ubuntu	plucky	*
Libarchive	Ubuntu	questing	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-5914
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References