Heap Overflow Vulnerability in libarchive Affects Multiple Systems
CVE-2026-15028
3.9LOW
What is CVE-2026-15028?
A vulnerability has been identified in libarchive where a specially crafted tar archive can trigger a heap overflow. The issue arises during the parsing of a PAX extended header that contains a malformed SUN.holesdata sparse-file attribute. If exploited, this flaw could lead to a denial of service, rendering the affected system unavailable, and may also enable an attacker to execute arbitrary code, potentially gaining full control over the system.