rpm package
suse/libarchive&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP6
pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5121 | High | 7.5 | | < 3.7.2-150600.3.20.1 | 3.7.2-150600.3.20.1 | Mar 30, 2026 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potent |
| CVE-2026-4426 | Medium | 6.5 | | < 3.7.2-150600.3.20.1 | 3.7.2-150600.3.20.1 | Mar 19, 2026 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO f |
| CVE-2026-4424 | High | 7.5 | | < 3.7.2-150600.3.20.1 | 3.7.2-150600.3.20.1 | Mar 19, 2026 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specia |
| CVE-2026-4111 | High | 7.5 | | < 3.7.2-150600.3.20.1 | 3.7.2-150600.3.20.1 | Mar 13, 2026 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forw |
| CVE-2025-60753 | — | | | < 3.7.2-150600.3.20.1 | 3.7.2-150600.3.20.1 | Nov 5, 2025 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). |