Description
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Problem types
Integer Overflow or Wraparound
Product status
0:3.1.2-14.el7_9.2 (rpm) before *
0:3.3.3-7.el8_10 (rpm) before *
0:3.3.2-8.el8_2.2 (rpm) before *
0:3.3.3-1.el8_4.2 (rpm) before *
0:3.3.3-1.el8_4.2 (rpm) before *
0:3.3.3-6.el8_6.1 (rpm) before *
0:3.3.3-6.el8_6.1 (rpm) before *
0:3.3.3-6.el8_6.1 (rpm) before *
0:3.3.3-5.el8_8.2 (rpm) before *
0:3.3.3-5.el8_8.2 (rpm) before *
0:3.5.3-9.el9_7 (rpm) before *
0:3.5.3-9.el9_7 (rpm) before *
0:3.5.3-2.el9_0.4 (rpm) before *
0:3.5.3-5.el9_2.2 (rpm) before *
0:3.5.3-5.el9_4 (rpm) before *
0:3.5.3-7.el9_6.1 (rpm) before *
412.86.202604281506-0 (rpm) before *
413.92.202605271328-0 (rpm) before *
414.92.202605060243-0 (rpm) before *
415.92.202605060220-0 (rpm) before *
416.94.202604211449-0 (rpm) before *
417.94.202605112123-0 (rpm) before *
418.94.202604240015-0 (rpm) before *
4.19.9.6.202605201155-0 (rpm) before *
7.13.5-4.1777325677 (rpm) before *
7.13.5-4.1777325711 (rpm) before *
7.13.5-4.1777325710 (rpm) before *
7.13.5-3.1777325680 (rpm) before *
7.13.5-4.1777325709 (rpm) before *
7.13.5-4.1777325680 (rpm) before *
7.13.5-4.1777325708 (rpm) before *
1779223654 (rpm) before *
1779223651 (rpm) before *
1778244559 (rpm) before *
1778244531 (rpm) before *
1778274666 (rpm) before *
1778244546 (rpm) before *
1778156756 (rpm) before *
3.8.7-1.hum1 (rpm) before *
1776868961 (rpm) before *
1776868774 (rpm) before *
1776868744 (rpm) before *
1776868772 (rpm) before *
1776868842 (rpm) before *
1777459441 (rpm) before *
1777454300 (rpm) before *
1777459504 (rpm) before *
Timeline
| 2026-03-30: | Reported to Red Hat. |
| 2026-03-30: | Made public. |
Credits
Red Hat would like to thank Elhanan Haenel for reporting this issue.
References
access.redhat.com/errata/RHSA-2026:10065 (RHSA-2026:10065)
access.redhat.com/errata/RHSA-2026:10097 (RHSA-2026:10097)
access.redhat.com/errata/RHSA-2026:11768 (RHSA-2026:11768)
access.redhat.com/errata/RHSA-2026:12071 (RHSA-2026:12071)
access.redhat.com/errata/RHSA-2026:12274 (RHSA-2026:12274)
access.redhat.com/errata/RHSA-2026:13812 (RHSA-2026:13812)
access.redhat.com/errata/RHSA-2026:14773 (RHSA-2026:14773)
access.redhat.com/errata/RHSA-2026:14937 (RHSA-2026:14937)
access.redhat.com/errata/RHSA-2026:15087 (RHSA-2026:15087)
access.redhat.com/errata/RHSA-2026:16008 (RHSA-2026:16008)
access.redhat.com/errata/RHSA-2026:16009 (RHSA-2026:16009)
access.redhat.com/errata/RHSA-2026:16030 (RHSA-2026:16030)
access.redhat.com/errata/RHSA-2026:16174 (RHSA-2026:16174)
access.redhat.com/errata/RHSA-2026:17596 (RHSA-2026:17596)
access.redhat.com/errata/RHSA-2026:19724 (RHSA-2026:19724)
access.redhat.com/errata/RHSA-2026:19725 (RHSA-2026:19725)
access.redhat.com/errata/RHSA-2026:20040 (RHSA-2026:20040)
access.redhat.com/errata/RHSA-2026:21690 (RHSA-2026:21690)
access.redhat.com/errata/RHSA-2026:8510 (RHSA-2026:8510)
access.redhat.com/errata/RHSA-2026:8517 (RHSA-2026:8517)
access.redhat.com/errata/RHSA-2026:8521 (RHSA-2026:8521)
access.redhat.com/errata/RHSA-2026:8534 (RHSA-2026:8534)
access.redhat.com/errata/RHSA-2026:8864 (RHSA-2026:8864)
access.redhat.com/errata/RHSA-2026:8866 (RHSA-2026:8866)
access.redhat.com/errata/RHSA-2026:8867 (RHSA-2026:8867)
access.redhat.com/errata/RHSA-2026:8873 (RHSA-2026:8873)
access.redhat.com/errata/RHSA-2026:8908 (RHSA-2026:8908)
access.redhat.com/errata/RHSA-2026:8944 (RHSA-2026:8944)
access.redhat.com/errata/RHSA-2026:9026 (RHSA-2026:9026)
access.redhat.com/errata/RHSA-2026:9592 (RHSA-2026:9592)
access.redhat.com/errata/RHSA-2026:9832 (RHSA-2026:9832)
access.redhat.com/security/cve/CVE-2026-5121
bugzilla.redhat.com/show_bug.cgi?id=2452945 (RHBZ#2452945)
github.com/advisories/GHSA-2vwv-vqpv-v8vc
github.com/libarchive/libarchive/pull/2934