Skip to main content

libarchive CVE-2026-15028

| EUVDEUVD-2026-42865 LOW
Heap-based Buffer Overflow (CWE-122)
2026-07-10 secalert@redhat.com GHSA-p59g-85vj-3mvf
3.9
CVSS 3.1 · Vendor: redhat

Severity by source

Vendor (redhat) PRIMARY
3.9 LOW
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
vuln.today AI
7.8 HIGH

No privileges needed to process an archive; UI:R reflects required file-open interaction; C:H/I:H/A:H reflects the credible RCE claim from the vendor description, which the official low-impact metrics do not capture.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 10:45 vuln.today

DescriptionCVE.org

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.

AnalysisAI

Heap overflow in libarchive's PAX extended header parser allows exploitation via a maliciously crafted tar archive containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation of the affected system could result in a denial of service condition or, in more serious cases, arbitrary code execution under the privileges of the process invoking libarchive. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft tar archive with malformed SUN.holesdata PAX header
Delivery
Deliver archive to target via download, upload, or repository
Exploit
Victim or process opens archive with libarchive
Execution
Heap overflow triggered in PAX header parser
Impact
Heap corruption causes crash (DoS) or enables code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires that a victim process invokes libarchive to parse a tar archive containing a PAX extended header with a crafted SUN.holesdata sparse-file attribute. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L) and the resulting score of 3.9 suggest a low-severity, locally-exploitable issue with limited impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts or delivers a specially crafted tar archive containing a PAX extended header with a malformed SUN.holesdata attribute value designed to overflow the heap buffer during parsing. A user or automated process (package manager, backup agent, file extraction pipeline) using a vulnerable libarchive build processes the archive, triggering the overflow. …
Remediation The primary fix is applying the upstream patch available via GitHub pull request #3253 (https://github.com/libarchive/libarchive/pull/3253); a formal tagged release version was not independently confirmed from the available data, so downstream consumers should monitor the libarchive release page and their distribution's security advisories for a packaged update. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15028 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy