9.8
CVE-2026-5121
- EPSS 1.07%
- Veröffentlicht 30.03.2026 08:16:18
- Zuletzt bearbeitet 10.06.2026 18:17:13
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libarchive ≫ Libarchive Version-
Redhat ≫ Hardened Images Version-
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.605 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://access.redhat.com/security/cve/CVE-2026-5121
https://github.com/libarchive/libarchive/pull/2934
https://github.com/advisories/GHSA-2vwv-vqpv-v8vc
https://bugzilla.redhat.com/show_bug.cgi?id=2452945
https://access.redhat.com/errata/RHSA-2026:8510
https://access.redhat.com/errata/RHSA-2026:8534
https://access.redhat.com/errata/RHSA-2026:8517
https://access.redhat.com/errata/RHSA-2026:8521
https://access.redhat.com/errata/RHSA-2026:8867
https://access.redhat.com/errata/RHSA-2026:8864
https://access.redhat.com/errata/RHSA-2026:8873
https://access.redhat.com/errata/RHSA-2026:8908
https://access.redhat.com/errata/RHSA-2026:8866
https://access.redhat.com/errata/RHSA-2026:9026
https://access.redhat.com/errata/RHSA-2026:9592
https://access.redhat.com/errata/RHSA-2026:9832
https://access.redhat.com/errata/RHSA-2026:8944
https://access.redhat.com/errata/RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:11768
https://access.redhat.com/errata/RHSA-2026:10097
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:12274
https://access.redhat.com/errata/RHSA-2026:12071
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:25096