← Back to home
wid-sec-w-2026-0923  ·  Published 2026-03-30  ·  View on BSI CERT-Bund ↗

libarchive: Vulnerability allows Code execution

CVSS 9.8 CRITICAL

Risk Summary

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

CVEs (1)

Affected Vendors

Open Source

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more