Source: libarchive
Version: 3.7.4-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/pull/2599
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.6.2-1+deb12u2
Control: found -1 3.6.2-1
Hi,

The following vulnerability was published for libarchive.

CVE-2025-5915[0]:
| A vulnerability has been identified in the libarchive library. This
| flaw can lead to a heap buffer over-read due to the size of a filter
| block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS)
| window. This means the library may attempt to read beyond the
| allocated memory buffer, which can result in unpredictable program
| behavior, crashes (denial of service), or the disclosure of
| sensitive information from adjacent memory regions.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5915
    https://www.cve.org/CVERecord?id=CVE-2025-5915
[1] https://github.com/libarchive/libarchive/pull/2599
[2] https://github.com/libarchive/libarchive/commit/a612bf62f86a6faa47bd57c52b94849f0a404d8c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
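The bug class named in the CVE text above (a filter block whose archive-supplied size exceeds the LZSS window, leading to a heap over-read) is illustrated by the following added example. It is not libarchive's code and does not reproduce the fix in the linked pull request; the window size, the `lzss_window` and `filter_block` types, the function names and the pattern data are all constructed for the illustration. It contrasts a naive `start + length <= size` check, which wraps around on a huge length, with an overflow-safe check performed before any memory access.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class in CVE-2025-5915, not libarchive's
 * own code. An LZSS-style decoder holds a sliding window, and a "filter"
 * read from the archive names a block of that window by (start, length).
 * If those archive-supplied values are trusted, processing the filter
 * reads past the end of the window buffer. All names, sizes and data here
 * are constructed. */

#define WINDOW_SIZE 4096u   /* constructed window size */

typedef struct {
    uint8_t data[WINDOW_SIZE];
    size_t size;             /* bytes the window actually holds */
} lzss_window;

typedef struct {
    size_t block_start;      /* from the archive: offset into the window */
    size_t block_length;     /* from the archive: bytes the filter covers */
} filter_block;

/* Naive check: start + length can wrap around size_t, so a huge length
 * passes and a later copy would over-read. Kept only to show the pitfall. */
int filter_block_fits_naive(size_t window_size, size_t start, size_t length)
{
    return start + length <= window_size;
}

/* Overflow-safe check: compare length against the space remaining after
 * start instead of computing the sum. */
int filter_block_fits(size_t window_size, size_t start, size_t length)
{
    if (start > window_size)
        return 0;
    return length <= window_size - start;
}

/* Toy filter application: copy the block out of the window into out.
 * Returns the number of bytes copied, or -1 if the block was rejected.
 * The bounds check runs before any memory access. */
long apply_filter_block(const lzss_window *w, const filter_block *f,
                        uint8_t *out, size_t out_cap)
{
    if (!filter_block_fits(w->size, f->block_start, f->block_length))
        return -1;
    if (f->block_length > out_cap)
        return -1;
    memcpy(out, w->data + f->block_start, f->block_length);
    return (long)f->block_length;
}

/* Run one constructed (start, length) pair against a window filled with a
 * known pattern; returns bytes copied or -1 on rejection. */
long run_case(size_t start, size_t length)
{
    static lzss_window w;
    static uint8_t out[WINDOW_SIZE];
    filter_block f;
    size_t i;

    f.block_start = start;
    f.block_length = length;
    w.size = WINDOW_SIZE;
    for (i = 0; i < WINDOW_SIZE; i++)
        w.data[i] = (uint8_t)(i & 0xff);
    return apply_filter_block(&w, &f, out, sizeof out);
}

int main(void)
{
    printf("in-bounds block:   %ld\n", run_case(4000, 96));
    printf("block past end:    %ld\n", run_case(4000, 97));
    printf("wrapping length:   %ld (naive check says %d)\n",
           run_case(16, SIZE_MAX),
           filter_block_fits_naive(WINDOW_SIZE, 16, SIZE_MAX));
    return 0;
}
```

The third case is the one worth noting for a fix review: with `length` near `SIZE_MAX`, the naive sum wraps to a small value and reports the block as in bounds, while the subtraction form rejects it. A check of this shape belongs wherever a size taken from the archive is used to index the decompression window.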

