Advisories ยป MGASA-2025-0200

Updated libarchive packages fix security vulnerabilities

Publication date: 02 Jul 2025
Modification date: 02 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5914 , CVE-2025-5915 , CVE-2025-5916 , CVE-2025-5917

Description

Double free at archive_read_format_rar_seek_data() in
archive_read_support_format_rar.c. (CVE-2025-5914)
Heap buffer over read in copy_from_lzss_window() at
archive_read_support_format_rar.c. (CVE-2025-5915)
Integer overflow while reading warc files at
archive_read_support_format_warc.c. (CVE-2025-5916)
Off by one error in build_ustar_entry_name() at
archive_write_set_format_pax.c. (CVE-2025-5917)
                

References

SRPMS

9/core