JLSEC-2025-249

A vulnerability has been identified in the libarchive library

JLSEC Published: Nov 25, 2025
Modified: Nov 25, 2025
Affected Packages: LibArchive_jll < 3.8.0+0
Aliases / Upstream: CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

References

https://access.redhat.com/security/cve/CVE-2025-5918
https://bugzilla.redhat.com/show_bug.cgi?id=2370877
https://github.com/libarchive/libarchive/pull/2584
https://github.com/libarchive/libarchive/releases/tag/v3.8.0