CVE-2026-5121
HIGHLibarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
Title source: cnaDescription
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
References (36)
Core 36
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:21690
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25096
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:10097
https://access.redhat.com/errata/RHSA-2026:10097
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:11768
https://access.redhat.com/errata/RHSA-2026:11768
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:10065
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:13812
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8510
https://access.redhat.com/errata/RHSA-2026:8510
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8517
https://access.redhat.com/errata/RHSA-2026:8517
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8521
https://access.redhat.com/errata/RHSA-2026:8521
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8534
https://access.redhat.com/errata/RHSA-2026:8534
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8864
https://access.redhat.com/errata/RHSA-2026:8864
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8866
https://access.redhat.com/errata/RHSA-2026:8866
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8867
https://access.redhat.com/errata/RHSA-2026:8867
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8873
https://access.redhat.com/errata/RHSA-2026:8873
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8908
https://access.redhat.com/errata/RHSA-2026:8908
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:8944
https://access.redhat.com/errata/RHSA-2026:8944
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:9026
https://access.redhat.com/errata/RHSA-2026:9026
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:9592
https://access.redhat.com/errata/RHSA-2026:9592
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:9832
https://access.redhat.com/errata/RHSA-2026:9832
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-5121
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2452945
https://bugzilla.redhat.com/show_bug.cgi?id=2452945
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:12071
https://access.redhat.com/errata/RHSA-2026:12071
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:12274
https://access.redhat.com/errata/RHSA-2026:12274
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:14937
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16174
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:14773
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:15087
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16008
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16009
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16030
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:17596
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:19724
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19725
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:20040
Scores
CVSS v3
7.5
EPSS
0.0107
EPSS Percentile
60.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-190
Status
published
Products (50)
libarchive/libarchive
Red Hat/Red Hat AI Inference Server 3.2
1779223651
Red Hat/Red Hat AI Inference Server 3.2
1779223654
Red Hat/Red Hat AI Inference Server 3.2
1780681984
Red Hat/Red Hat AI Inference Server 3.3
1778244531
Red Hat/Red Hat AI Inference Server 3.3
1778244546
Red Hat/Red Hat AI Inference Server 3.3
1778244559
Red Hat/Red Hat AI Inference Server 3.3
1778274666
Red Hat/Red Hat Discovery 2
1778156756
Red Hat/Red Hat Enterprise Linux 10
... and 40 more
Published
Mar 30, 2026
Tracked Since
Mar 30, 2026