Heap-based Buffer Overflow

CVE-2025-5915

Medium

6.6/10

Summary

A vulnerability has been identified in the libarchive library versions prior to 3.8.0. This flaw can lead to a Heap-based Buffer Over-Read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (Denial-of-Service), or the disclosure of sensitive information from adjacent memory regions.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-122 - Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

Advisory Timeline

Published Jun 09, 2025

Heap-based Buffer Overflow

CVE-2025-5915

Summary

CWE-122 - Heap-based Buffer Overflow

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS