Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mageia 9: Advisory 2025-0200 critical: libarchive buffer overflow

mageia
Calendar Grey July 2, 2025
Dist Mageia Esm H88
The Mageia advisory 2025-0305 discusses urgent updates for libarchive due to significant security flaws.
Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

Summary

Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c. (CVE-2025-5914) Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c. (CVE-2025-5915) Integer overflow while reading warc files at archive_read_support_format_warc.c. (CVE-2025-5916) Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c. (CVE-2025-5917)

References

- https://bugs.mageia.org/show_bug.cgi?id=34402

- https://ubuntu.com/security/notices/USN-7601-1

- https://www.cve.org/CVERecord?id=CVE-2025-5914

- https://www.cve.org/CVERecord?id=CVE-2025-5915

- https://www.cve.org/CVERecord?id=CVE-2025-5916

- https://www.cve.org/CVERecord?id=CVE-2025-5917

Resolution

SRPMS

- 9/core/libarchive-3.6.2-5.5.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 02 Jul 2025
URL: https://advisories.mageia.org/MGASA-2025-0200.html
Type: security
CVE: CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here