CVE-2026-5121

HIGH

Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

Title source: cna

Description

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

References (17)

[Vdb Entry, X_Refsource_Redhat] https://access.redhat.com/security/cve/CVE-2026-5121

https://github.com/libarchive/libarchive/pull/2934

[Issue Tracking, X_Refsource_Redhat] https://bugzilla.redhat.com/show_bug.cgi?id=2452945

https://github.com/advisories/GHSA-2vwv-vqpv-v8vc

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8510

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8517

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8521

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8534

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8864

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8867

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8873

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8908

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:8866

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:9026

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:9592

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:9832

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:10065

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 27.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-190

Status published

Products (35)

libarchive/libarchive

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:3.1.2-14.el7_9.2

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 8 0:3.3.3-7.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:3.3.2-8.el8_2.2

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:3.3.3-1.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 0:3.3.3-1.el8_4.2

... and 25 more

Published Mar 30, 2026

Tracked Since Mar 30, 2026