EUVD-2026-17073
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Analysis
Integer overflow in libarchive's zisofs block pointer allocation on 32-bit systems allows remote code execution when processing specially crafted ISO9660 images. A remote attacker can provide a malicious ISO file that triggers a heap buffer overflow, potentially achieving arbitrary code execution on affected systems. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 3.4.3-2+deb11u1 | - |
| bullseye (security) | vulnerable | 3.4.3-2+deb11u3 | - |
| bookworm | vulnerable | 3.6.2-1+deb12u3 | - |
| bookworm (security) | vulnerable | 3.6.2-1+deb12u2 | - |
| trixie | vulnerable | 3.7.4-4 | - |
| forky, sid | vulnerable | 3.8.5-1 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today