27 matches found
EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2372)
According to the versions of the libarchive packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddat...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
TencentOS Server 4: libarchive (TSSA-2026:0308)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0308 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.9)
The version of AHV installed on the remote host is prior to AHV-10.3.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.9 advisory. - The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for...
SUSE CVE-2026-5121
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...
Linux Distros Unpatched Vulnerability : CVE-2026-5121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4424
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...
Linux Distros Unpatched Vulnerability : CVE-2026-4426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs...
EulerOS Virtualization 2.12.1 : libarchive (EulerOS-SA-2026-1435)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...
📄 libarchive RAR Double Free / Use-After-Free
This proof of concept demonstrates a memory management flaw in libarchive versions prior to 3.8.0 when handling malformed RAR headers. By supplying a corrupted RAR structure, the code forces error paths during archive parsing, leading to improper cleanup. As a result, the archive object may be...
macOS 14.x < 14.8.3 Multiple Vulnerabilities (125888)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.3. It is, therefore, affected by multiple vulnerabilities: - A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing...
AlmaLinux 10 : libarchive (ALSA-2025:14137)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:14137 advisory. libarchive: Double free at archivereadformatrarseekdata in archivereadsupportformatrar.c CVE-2025-5914 Tenable has extracted the preceding description block...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2025-986096)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986096 advisory. listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact...
Linux Distros Unpatched Vulnerability : CVE-2025-5915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over- read due to the size of a filter block potentially...
Astra Linux – Vulnerability in libarchive
A vulnerability has been identified in the libarchive library. This flaw can lead to an over-reading of the heap buffer, as the size of a filter block may exceed the Lempel-Ziv-Storer-Schieber LZSS window. This means that the library may attempt to read beyond the allocated memory buffer, which c...
Linux Distros Unpatched Vulnerability : CVE-2017-14501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file...
CVE-2025-25724
A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...