Integer Overflow Vulnerability in libarchive Affecting 32-bit Systems
CVE-2026-5121

7.5HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor
CVE Published:
30 March 2026

What is CVE-2026-5121?

An integer overflow vulnerability has been identified in libarchive specifically affecting 32-bit systems. This flaw resides in the zisofs block pointer allocation logic, allowing a remote attacker to exploit it by delivering a crafted ISO9660 image. Successful exploitation can lead to a heap buffer overflow, potentially enabling arbitrary code execution on the compromised system. It is crucial for users of libarchive to apply the necessary updates to mitigate this risk.

Affected Version(s)

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:3.1.2-14.el7_9.2

Red Hat Enterprise Linux 8 0:3.3.3-7.el8_10

Red Hat Enterprise Linux 8.2 Advanced Update Support 0:3.3.2-8.el8_2.2

References

https://access.redhat.com/errata/RHSA-2026:10065
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10097
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11768
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Elhanan Haenel for reporting this issue.
.