Monthly
Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.
Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.