Updated: 2025-08-21 03:39:58.654447
Description:
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Links: NIST | CIRCL | RHEL | Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.3 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libarchive | 3.5.3 | 7.3 | HIGH | Released | CLSA-2025:1751620336 | 2025-07-05 02:18:57 | |
| CentOS 7 ELS | libarchive | 3.1.2 | 7.3 | HIGH | Released | CLSA-2025:1751143694 | 2025-06-30 02:07:03 | |
| Oracle Linux 7 ELS | libarchive | 3.1.2 | 7.3 | HIGH | Released | CLSA-2025:1764235944 | 2025-11-27 19:00:13 | |