CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Libarchive	Libarchive	*	3.8.0 (excluding)
Red Hat Enterprise Linux 10	RedHat	libarchive-0:3.7.7-4.el10_0	*
Red Hat Enterprise Linux 7 Extended Lifecycle Support	RedHat	libarchive-0:3.1.2-14.el7_9.1	*
Red Hat Enterprise Linux 8	RedHat	libarchive-0:3.3.3-6.el8_10	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	libarchive-0:3.3.2-8.el8_2.1	*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	RedHat	libarchive-0:3.3.3-1.el8_4.1	*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	RedHat	libarchive-0:3.3.3-1.el8_4.1	*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	RedHat	libarchive-0:3.3.3-6.el8_6	*
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	RedHat	libarchive-0:3.3.3-5.el8_8.1	*
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	RedHat	libarchive-0:3.3.3-5.el8_8.1	*
Red Hat Enterprise Linux 9	RedHat	libarchive-0:3.5.3-6.el9_6	*
Red Hat Enterprise Linux 9	RedHat	libarchive-0:3.5.3-6.el9_6	*
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	RedHat	libarchive-0:3.5.3-2.el9_0.1	*
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	RedHat	libarchive-0:3.5.3-5.el9_2	*
Red Hat Enterprise Linux 9.4 Extended Update Support	RedHat	libarchive-0:3.5.3-4.el9_4.1	*
Red Hat Web Terminal 1.11 on RHEL 9	RedHat	web-terminal/web-terminal-rhel9-operator:1.11-19	*
Red Hat Web Terminal 1.11 on RHEL 9	RedHat	web-terminal/web-terminal-tooling-rhel9:1.11-8	*
Red Hat Web Terminal 1.12 on RHEL 9	RedHat	web-terminal/web-terminal-tooling-rhel9:1.12-4	*
Red Hat Discovery 2	RedHat	discovery/discovery-server-rhel9:sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083	*
Red Hat Insights proxy 1.5	RedHat	insights-proxy/insights-proxy-container-rhel9:sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-agent-rhel8:sha256:5604dbb58d5e31f399f41ae4bf7a766272bf091a4e1bd6e89d1b85d62b0db93a	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-all-in-one-rhel8:sha256:03b0aced2885356099971c8470add4b0f7732bcb380c74be3691d30c2894e5c0	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-collector-rhel8:sha256:86d400b195958c287846ae60d76d2ec277740da3d3de033c7e72ab9a42370b4b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-es-index-cleaner-rhel8:sha256:d19f9ec47cebda060653f6f810431dbb1ea4209f0a925a9f9a9739e7b7487c33	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-es-rollover-rhel8:sha256:d0878cf4a206d3f70a7a8fc3d5d30f0272697afcb360599b248da9215ec60366	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-ingester-rhel8:sha256:25bf841bfc90928c684f6cf07329d5551806503fbb42806fe564f90fdf98d743	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-operator-bundle:sha256:f250e39033d7cb1d786e5a7ec6798c25d4c5d8c6ecbcf6828915605fc4658da5	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-query-rhel8:sha256:fd355e1feeb516ebe51d161bad67c32659884bf551cccbf34b9f13e46a89449b	*
Red Hat OpenShift distributed tracing 3.5.2	RedHat	rhosdt/jaeger-rhel8-operator:sha256:9b66a46b3a28084c45823268d1fa4ae953c50b996f3d265c5fc9f4bc3eb326b4	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9:sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9:sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-monitor-rhel9:sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-must-gather-rhel9:sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-podvm-builder-rhel9:sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-podvm-payload-rhel9:sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac	*
Red Hat OpenShift sandboxed containers 1.1	RedHat	openshift-sandboxed-containers/osc-rhel9-operator:sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d	*
Libarchive	Ubuntu	devel	*
Libarchive	Ubuntu	esm-infra-legacy/trusty	*
Libarchive	Ubuntu	esm-infra/bionic	*
Libarchive	Ubuntu	esm-infra/focal	*
Libarchive	Ubuntu	esm-infra/xenial	*
Libarchive	Ubuntu	jammy	*
Libarchive	Ubuntu	noble	*
Libarchive	Ubuntu	oracular	*
Libarchive	Ubuntu	plucky	*
Libarchive	Ubuntu	questing	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-5914
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References