CVE-2025-5917

Description

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

How to fix CVE-2025-5917

To remediate CVE-2025-5917, upgrade the affected package to a fixed version below.

—upgrade to 3.4.3-2+deb11u3 or later

Is CVE-2025-5917 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.4.3-2+deb11u3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.0	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-5917