CVE-2025-5914

Published Jun 9, 2025

Last updated 3 months ago

CVSS high 7.8
Mysql

Overview

Description
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Source
secalert@redhat.com
NVD status
Modified
Products
libarchive, openshift_container_platform, enterprise_linux

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-190

Social media

Hype score
Not currently trending

  1. CVE-2025-5914 is not just an integer overflow. The overflow triggers a deeper architectural flaw: ownership confusion in libarchive RAR parser error paths, resulting in a deterministic double free. Article:https://t.co/LLwI0q1wmY Poc:https://t.co/RbIyl7NelN #cve #poc #libarchive

    @byte_reaper

    17 Jan 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Vulnerabilidad en Red Hat Enterprise Linux Server 7 ❗CVE-2025-5914 ➡️Más info: https://t.co/kwhdMFeLlT https://t.co/ThywAmviKv

    @CERTpy

    3 Sept 2025

    126 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Critical update for #Fedora 42! libarchive rebased to v3.8.1 to patch multiple CVEs, including a high-severity double-free flaw (CVE-2025-5914). Read more: 👉https://t.co/sq42p0IWaA #Security https://t.co/URcdxebUyz

    @Cezar_H_Linux

    22 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).CVE-2026-35235
  2. A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.CVE-2026-6384
  3. A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process such files.CVE-2026-40917
  4. A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.CVE-2026-40918
  5. A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.CVE-2026-40919

References

Sources include official advisories and independent security research.