CVE-2026-5121

HIGH EPSS 60.7%

Published Mar 30, 20263mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 30, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

60.7% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 8

Vendor	Product	Version	Range
libarchive	libarchive	*	any
redhat	hardened_images	*	any
redhat	openshift_container_platform	4.0	any
redhat	enterprise_linux	6.0	any
redhat	enterprise_linux	7.0	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux	10.0	any

References 36

access.redhat.com https://access.redhat.com/errata/RHSA-2026:10065
access.redhat.com https://access.redhat.com/errata/RHSA-2026:10097
access.redhat.com https://access.redhat.com/errata/RHSA-2026:11768
access.redhat.com https://access.redhat.com/errata/RHSA-2026:12071
access.redhat.com https://access.redhat.com/errata/RHSA-2026:12274
access.redhat.com https://access.redhat.com/errata/RHSA-2026:13812
access.redhat.com https://access.redhat.com/errata/RHSA-2026:14773
access.redhat.com https://access.redhat.com/errata/RHSA-2026:14937
access.redhat.com https://access.redhat.com/errata/RHSA-2026:15087
access.redhat.com https://access.redhat.com/errata/RHSA-2026:16008
access.redhat.com https://access.redhat.com/errata/RHSA-2026:16009
access.redhat.com https://access.redhat.com/errata/RHSA-2026:16030
access.redhat.com https://access.redhat.com/errata/RHSA-2026:16174
access.redhat.com https://access.redhat.com/errata/RHSA-2026:17596
access.redhat.com https://access.redhat.com/errata/RHSA-2026:19724
access.redhat.com https://access.redhat.com/errata/RHSA-2026:19725
access.redhat.com https://access.redhat.com/errata/RHSA-2026:20040
access.redhat.com https://access.redhat.com/errata/RHSA-2026:21690
access.redhat.com https://access.redhat.com/errata/RHSA-2026:25096
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8510
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8517
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8521
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8534
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8864
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8866
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8867
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8873
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8908
access.redhat.com https://access.redhat.com/errata/RHSA-2026:8944
access.redhat.com https://access.redhat.com/errata/RHSA-2026:9026
access.redhat.com https://access.redhat.com/errata/RHSA-2026:9592
access.redhat.com https://access.redhat.com/errata/RHSA-2026:9832
access.redhat.com https://access.redhat.com/security/cve/CVE-2026-5121

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2452945
github.com https://github.com/advisories/GHSA-2vwv-vqpv-v8vc

Third Party Advisory
github.com https://github.com/libarchive/libarchive/pull/2934

Issue TrackingPatch

Remediation

github.com https://github.com/libarchive/libarchive/pull/2934

Issue TrackingPatch