Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-5916

3.9 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

created 10 months ago

Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.

References

https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://access.redhat.com/security/cve/CVE-2025-5916 vdb-entryx_refsource_REDHAT
RHBZ#2370872 x_refsource_REDHATissue-tracking
https://github.com/libarchive/libarchive/pull/2568
https://github.com/libarchive/libarchive/releases/tag/v3.8.0

Affected products

rhcos

libarchive

<3.8.0

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

nixos-unstable 3.7.8
- nixpkgs-unstable 3.7.8
- nixos-unstable-small 3.7.8

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

nixos-unstable 2.0.8
- nixpkgs-unstable 2.0.8
- nixos-unstable-small 2.0.8

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

nixos-unstable 3.0.4.2
- nixpkgs-unstable 3.0.4.2
- nixos-unstable-small 3.0.4.2

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

nixos-unstable 20.1.0
- nixpkgs-unstable 20.1.0
- nixos-unstable-small 20.1.0

pkgs.python311Packages.libarchive-c

Python interface to libarchive

nixos-unstable 5.1
- nixpkgs-unstable 5.1
- nixos-unstable-small 5.1

pkgs.python312Packages.libarchive-c

Python interface to libarchive

nixos-unstable 5.1
- nixpkgs-unstable 5.1
- nixos-unstable-small 5.1

pkgs.python313Packages.libarchive-c

Python interface to libarchive

nixos-unstable 5.1
- nixpkgs-unstable 5.1
- nixos-unstable-small 5.1

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

nixos-unstable 1.0.0.1
- nixpkgs-unstable 1.0.0.1
- nixos-unstable-small 1.0.0.1

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0

pkgs.python311Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

nixos-unstable 21.5.31
- nixpkgs-unstable 21.5.31
- nixos-unstable-small 21.5.31

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

nixos-unstable 21.5.31
- nixpkgs-unstable 21.5.31
- nixos-unstable-small 21.5.31

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

nixos-unstable 21.5.31
- nixpkgs-unstable 21.5.31
- nixos-unstable-small 21.5.31

Package maintainers

@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
@sephalon Stefan Wiehler <me@sephalon.net>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
@minijackson Rémi Nicole <minijackson@riseup.net>
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
@aanderse Aaron Andersen <aaron@fosslib.net>
@cpages Carles Pagès <page@ruiec.cat>
@jcumming Jack Cummings <jack@mudshark.org>
@dan4ik605743 Danil Danevich <6057430gu@gmail.com>