Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libarchive vulnerabilities (USN-8292-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8292-1 advisory. It was discovered that libarchive incorrectly handled certain RAR archive...

CLSA-2026-1777365744 libarchive: Fix of CVE-2026-5121

Fix CVE-2026-5121: heap buffer overflow in ISO9660 reader via invalid pzlog2bs value in Rock Ridge ZF extension...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.39 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

Important: libarchive

Issue Overview: A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could...

CLSA-2026-1777366496 libarchive: Fix of CVE-2026-5121

Fix CVE-2026-5121: heap buffer overflow in ISO9660 reader via invalid pzlog2bs value in Rock Ridge ZF extension...

CVE-2026-5121 affecting package libarchive for versions less than 3.7.7-6

CVE-2026-5121 affecting package libarchive for versions less than 3.7.7-6. A patched version of the package is available...

CVE-2026-5121 vulnerabilities

Vulnerabilities for packages: libarchive...

RHEL 8 : libarchive (RHSA-2026:9592)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9592 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...

Oracle Linux 9 : libarchive (ELSA-2026-8510)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8510 advisory. - Resolves: CVE-2026-4424 - Resolves: CVE-2026-5121 Tenable has extracted the preceding description block directly from the Oracle Linux security...

AlmaLinux 9 : libarchive (ALSA-2026:8510)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8510 advisory. libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4424 libarchive: libarchive: Arbitrary code...

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

libarchive security update

3.5.3-9 - Resolves: CVE-2026-4424 - Resolves: CVE-2026-5121 3.5.3-8 - Release bump...

RHEL 8 : libarchive (RHSA-2026:8521)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8521 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...

SUSE CVE-2026-5121

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVE-2026-5121

creationtimestamp| type| source ---|---|--- 2026-03-30 12:00:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mibmfwrwoo22 2026-03-31 17:00:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mienofpx762r 2026-03-31 17:24:25+00:00| published-proof-of-concept|...

DEBIAN-CVE-2026-5121

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVE-2026-5121

CVE-2026-5121 and CVE-2026-4424 affect libarchive, with a vulnerability in ISO9660 image processing (32-bit) that can cause a heap overflow when processing a crafted ISO9660 image, potentially enabling arbitrary code execution. Described as a 32-bit integer overflow in zisofs block pointer alloca...

CVE-2025-5121

CVE-2025-5121 affects GitLab CE/EE versions 17.11 prior to 17.11.4 and 18.0 prior to 18.0.2. The issue is a missing authorization check that could allow applying compliance frameworks to projects outside the intended group. Public documents confirm the vulnerability description across multiple fe...

CVE-2025-5121 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...

CVE-2025-5121 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...