rpm package
suse/libarchive&distro=SUSE Linux Enterprise Micro 5.5
pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5121 | Hig | 7.5 | < 3.5.1-150400.3.24.1 | 3.5.1-150400.3.24.1 | Mar 30, 2026 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potent | |
| CVE-2026-4426 | Med | 6.5 | < 3.5.1-150400.3.24.1 | 3.5.1-150400.3.24.1 | Mar 19, 2026 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO f | |
| CVE-2026-4424 | Hig | 7.5 | < 3.5.1-150400.3.24.1 | 3.5.1-150400.3.24.1 | Mar 19, 2026 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specia | |
| CVE-2026-4111 | Hig | 7.5 | < 3.5.1-150400.3.24.1 | 3.5.1-150400.3.24.1 | Mar 13, 2026 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forw | |
| CVE-2025-60753 | — | < 3.5.1-150400.3.24.1 | 3.5.1-150400.3.24.1 | Nov 5, 2025 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). | ||
| CVE-2025-5914 | — | < 3.5.1-150400.3.21.1 | 3.5.1-150400.3.21.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in me | ||
| CVE-2025-5918 | — | < 3.5.1-150400.3.21.1 | 3.5.1-150400.3.21.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable progr | ||
| CVE-2025-5917 | — | < 3.5.1-150400.3.21.1 | 3.5.1-150400.3.21.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lead | ||
| CVE-2025-5916 | — | < 3.5.1-150400.3.21.1 | 3.5.1-150400.3.21.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to ind | ||
| CVE-2025-5915 | — | < 3.5.1-150400.3.21.1 | 3.5.1-150400.3.21.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memor | ||
| CVE-2025-25724 | — | < 3.5.1-150400.3.18.1 | 3.5.1-150400.3.18.1 | Mar 2, 2025 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be suf | ||
| CVE-2024-20696 | — | < 3.5.1-150400.3.15.1 | 3.5.1-150400.3.15.1 | Jan 9, 2024 | Windows libarchive Remote Code Execution Vulnerability |
- affected < 3.5.1-150400.3.24.1fixed 3.5.1-150400.3.24.1
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potent
- affected < 3.5.1-150400.3.24.1fixed 3.5.1-150400.3.24.1
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO f
- affected < 3.5.1-150400.3.24.1fixed 3.5.1-150400.3.24.1
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specia
- affected < 3.5.1-150400.3.24.1fixed 3.5.1-150400.3.24.1
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forw
- CVE-2025-60753Nov 5, 2025affected < 3.5.1-150400.3.24.1fixed 3.5.1-150400.3.24.1
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
- CVE-2025-5914Jun 9, 2025affected < 3.5.1-150400.3.21.1fixed 3.5.1-150400.3.21.1
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in me
- CVE-2025-5918Jun 9, 2025affected < 3.5.1-150400.3.21.1fixed 3.5.1-150400.3.21.1
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable progr
- CVE-2025-5917Jun 9, 2025affected < 3.5.1-150400.3.21.1fixed 3.5.1-150400.3.21.1
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lead
- CVE-2025-5916Jun 9, 2025affected < 3.5.1-150400.3.21.1fixed 3.5.1-150400.3.21.1
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to ind
- CVE-2025-5915Jun 9, 2025affected < 3.5.1-150400.3.21.1fixed 3.5.1-150400.3.21.1
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memor
- CVE-2025-25724Mar 2, 2025affected < 3.5.1-150400.3.18.1fixed 3.5.1-150400.3.18.1
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be suf
- CVE-2024-20696Jan 9, 2024affected < 3.5.1-150400.3.15.1fixed 3.5.1-150400.3.15.1
Windows libarchive Remote Code Execution Vulnerability