3148 matches found
CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
CVE-2026-14164
CVE-2026-14164 concerns libarchive’s RAR5 reader. A double-free arises when a filtered_buf pointer remains stale after being freed during unpack state reinitialization, allowing a second free on processing a subsequent archive entry. The issue is triggered by parsing a specially crafted RAR5 arch...
CVE-2026-14164 Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
EUVD-2026-40259
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
Security update for xtrabackup (moderate)
openSUSE Security Update: Security update for xtrabackup Announcement ID: openSUSE-SU-2026:0221-1 Rating: moderate References: 1244285 Cross-References: CVE-2025-5918 CVSS scores: CVE-2025-5918 SUSE: 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE...
EulerOS 2.0 SP15 : libarchive (EulerOS-SA-2026-2486)
According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of...
SUSE SLES15 Security Update : libarchive (SUSE-SU-2026:2599-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2599-1 advisory. This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches...
SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2026:2490-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2490-1 advisory. This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length...
SUSE-SU-2026:22248-1 Security update for libarchive
This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...
Astra Linux – Vulnerability in libarchive
In libarchive before version 3.6.2, the software does not check for an error after calling the calloc function. This function may return a NULL pointer if it fails, leading to a NULL pointer being dereferenced. NOTE: The discoverer cites this CWE-476 issue, but third parties dispute its impact on...
Astra Linux – Vulnerability in libarchive
An improper link resolution flaw can occur during the extraction of an archive, resulting in changes to the mode, times, access control lists, and flags of a file within the archive. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim attempts to...
Astra Linux – Vulnerability in libarchive
An improper link resolution flaw during the extraction of an archive can cause changes to the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim tries to extract the archive. A local attacker may...
Astra Linux – Vulnerability in libarchive
In libarchive versions 3.4.1 through 3.5.1, there is a use-after-free in the copystring function called from douncompressblock and processblock...
Astra Linux – Vulnerability in libarchive
Libarchive Remote Code Execution Vulnerability...
Astra Linux – Vulnerability in libarchive
A issue was discovered in libarchive bsdtar before version 3.8.1, in the function applysubstitution in the file tar/subst.c, when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to a denial of service Out-of-Memory crash...
Astra Linux – Vulnerability in libarchive
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are passed into bsdtar, potentially allowing for reading beyond the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior,...
Astra Linux – Vulnerability in libarchive
“executefilteraudio” in “archivereadsupportformatrar.c” in “libarchive” before version 3.7.5 allows out-of-bounds access via a crafted archive file, as “src” can move beyond “dst”...
Astra Linux – Vulnerability in libarchive
The executefilterdelta function in archivereadsupportformatrar.c in libarchive before version 3.7.5 allows for out-of-bounds access through a crafted archive file, as src may move beyond dst...