Heap Overflow Vulnerability in libarchive Affects Multiple Systems
CVE-2026-15028

3.9LOW

What is CVE-2026-15028?

A vulnerability has been identified in libarchive where a specially crafted tar archive can trigger a heap overflow. The issue arises during the parsing of a PAX extended header that contains a malformed SUN.holesdata sparse-file attribute. If exploited, this flaw could lead to a denial of service, rendering the affected system unavailable, and may also enable an attacker to execute arbitrary code, potentially gaining full control over the system.

References

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.