Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

June 9, 2025 invoker category_cve

CVE Details

Basic Information

Title Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
Type cve
Published 2025-06-09T19:53:48.923Z
Last Seen

Product Information

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Version

CVSS Information

Base Score 3.9 (LOW)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A double-free vulnerability in libarchive’s archive_read_format_rar_seek_data() function can cause memory corruption, allowing attackers to execute arbitrary code or cause a denial-of-service.
AI Severity Medium
Vendor libarchive
Product libarchive library
Affected Version 3.8.0

Additional Information

CVE List
CWE List CWE-415
Bulletin Family

Description

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.