A vulnerability has been identified in the libarchive library. The flaw is an off-by-one miscalculation when handling prefixes and suffixes for file names, which can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior or crashes, and in specific circumstances it could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.
{
  "cwe_ids": [
    "CWE-787"
  ],
  "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/5xxx/CVE-2025-5917.json",
  "cna_assigner": "redhat"
}

{
  "source": [
    "AFFECTED_FIELD",
    "CPE_RANGE",
    "REFERENCES"
  ],
  "extracted_events": [
    {
      "introduced": "0"
    },
    {
      "fixed": "3.8.0"
    },
    {
      "introduced": "0"
    },
    {
      "fixed": "3.8.0"
    }
  ],
  "cpe": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"
}