Integer overflow in Libarchive
CVE-2026-5121
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to…
Vulnerability class: Integer Overflow
EPSS: 0.001 (20.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Libarchive
- Red Hat Ai Inference Server 3.2 — versions 1779223651, 1779223654
- Red Hat Ai Inference Server 3.3 — versions 1778244531, 1778244559, 1778244546
- Red Hat Discovery 2 — versions 1778156756
- Red Hat Enterprise Linux 10
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:3.1.2-14.el7_9.2
- Red Hat Enterprise Linux 8 — versions 0:3.3.3-7.el8_10
- Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:3.3.2-8.el8_2.2
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:3.3.3-1.el8_4.2
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2026-5121?
- CVE-2026-5121 is a high-severity vulnerability in Libarchive, classified under Integer Overflow or Wraparound. CVSS score: 7.5/10. Published 2026-03-30.
- How severe is CVE-2026-5121?
- High severity. CVSS v3 base score is 7.5 out of 10.