79 matches found
CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
CVE-2026-14164
CVE-2026-14164 concerns libarchive’s RAR5 reader. A double-free arises when a filtered_buf pointer remains stale after being freed during unpack state reinitialization, allowing a second free on processing a subsequent archive entry. The issue is triggered by parsing a specially crafted RAR5 arch...
CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
CVE-2026-58052
Technical details are not publicly available in the provided documents; monitor for updates.
PT-2026-53084
Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...
SUSE-SU-2026:2490-1 Security update for libarchive
This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...
SUSE-SU-2026:22248-1 Security update for libarchive
This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...
EulerOS Virtualization 2.13.0 : libarchive (EulerOS-SA-2026-2401)
According to the versions of the libarchive packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddat...
EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2372)
According to the versions of the libarchive packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddat...
EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2026-2248)
According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...
EulerOS Virtualization 2.12.0 : libarchive (EulerOS-SA-2026-2103)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...
EulerOS Virtualization 2.12.1 : libarchive (EulerOS-SA-2026-2078)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...
EulerOS Virtualization 2.10.0 : libarchive (EulerOS-SA-2026-2050)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...
EulerOS Virtualization 2.10.1 : libarchive (EulerOS-SA-2026-2023)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...
SUSE-SU-2026:21757-1 Security update for libarchive
This update for libarchive fixes the following issues - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424: 257-byte heap memory leak when processing a 170-byte RAR3 bsc1259928. - CVE-2026-4426:...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-016784)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016784 advisory. A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially...
[SECURITY] [DLA 4563-1] libarchive security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4563-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 05, 2026 https://wiki.debian.org/LTS -...
Debian dla-4563 : libarchive-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4563 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4563-1 [email protected]...
Fedora 44 : libarchive (2026-b42b8b1c00)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b42b8b1c00 advisory. CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archivereaddata in libarchive Tenable has extracted the preceding...