Updated: 2025-06-24 04:10:11.032435
Description:
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | CRITICAL | 9.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | libarchive | 3.5.3 | 9.8 | CRITICAL | Released | CLSA-2025:1751620336 | 2025-07-05 02:18:57 | |
CentOS 7 ELS | libarchive | 3.1.2 | 9.8 | CRITICAL | Released | CLSA-2025:1751143694 | 2025-06-30 02:07:03 | |