CVE-2026-5121— Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

CVSS 7.5 · High EPSS 0.08% · P24 Updated May 09, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-5121

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

整数溢出或超界折返

Source: NVD (National Vulnerability Database)

Vulnerability Title

libarchive 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

libarchive是libarchive开源的一款多格式存档和压缩库。 libarchive存在安全漏洞，该漏洞源于在32位系统上，zisofs块指针分配逻辑存在整数溢出，可能导致堆缓冲区溢出和执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	0:3.1.2-14.el7_9.2 ~ *	`cpe:/o:redhat:rhel_els:7`
Red Hat	Red Hat Enterprise Linux 8	0:3.3.3-7.el8_10 ~ *	`cpe:/a:redhat:enterprise_linux:8::crb`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	0:3.3.2-8.el8_2.2 ~ *	`cpe:/o:redhat:rhel_aus:8.2::baseos`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	0:3.3.3-1.el8_4.2 ~ *	`cpe:/o:redhat:rhel_aus:8.4::baseos`
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	0:3.3.3-1.el8_4.2 ~ *	`cpe:/o:redhat:rhel_aus:8.4::baseos`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	0:3.3.3-6.el8_6.1 ~ *	`cpe:/o:redhat:rhel_aus:8.6::baseos`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	0:3.3.3-6.el8_6.1 ~ *	`cpe:/o:redhat:rhel_aus:8.6::baseos`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	0:3.3.3-6.el8_6.1 ~ *	`cpe:/o:redhat:rhel_aus:8.6::baseos`
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	0:3.3.3-5.el8_8.2 ~ *	`cpe:/o:redhat:rhel_e4s:8.8::baseos`
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	0:3.3.3-5.el8_8.2 ~ *	`cpe:/o:redhat:rhel_e4s:8.8::baseos`
Red Hat	Red Hat Enterprise Linux 9	0:3.5.3-9.el9_7 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9	0:3.5.3-9.el9_7 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	0:3.5.3-2.el9_0.4 ~ *	`cpe:/a:redhat:rhel_e4s:9.0::appstream`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	0:3.5.3-5.el9_2.2 ~ *	`cpe:/a:redhat:rhel_e4s:9.2::appstream`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	0:3.5.3-5.el9_4 ~ *	`cpe:/a:redhat:rhel_eus:9.4::appstream`
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	0:3.5.3-7.el9_6.1 ~ *	`cpe:/a:redhat:rhel_eus:9.6::appstream`
Red Hat	Red Hat OpenShift Container Platform 4.12	412.86.202604281506-0 ~ *	`cpe:/a:redhat:openshift:4.12::el8`
Red Hat	Red Hat OpenShift Container Platform 4.16	416.94.202604211449-0 ~ *	`cpe:/a:redhat:openshift:4.16::el9`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-4.1777325677 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-4.1777325711 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-4.1777325710 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-3.1777325680 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-4.1777325709 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-4.1777325680 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	RHEL-8 based Middleware Containers	7.13.5-4.1777325708 ~ *	`cpe:/a:redhat:rhosemc:1.0::el8`
Red Hat	Red Hat Discovery 2	1778156756 ~ *	`cpe:/a:redhat:discovery:2::el9`
Red Hat	Red Hat Hardened Images	3.8.7-1.hum1 ~ *	`cpe:/a:redhat:hummingbird:1`
Red Hat	Red Hat Insights proxy 1.5	1776868961 ~ *	`cpe:/a:redhat:insights_proxy:1.5::el9`
Red Hat	Red Hat Update Infrastructure 5	1776868774 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	1776868744 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	1776868772 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	1776868842 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	1777459441 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	1777454300 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	1777459504 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Enterprise Linux 10	-	`cpe:/o:redhat:enterprise_linux:10`
Red Hat	Red Hat Enterprise Linux 6	-	`cpe:/o:redhat:enterprise_linux:6`

II. Public POCs for CVE-2026-5121

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

Qwen3.6-35B-A3B · 9319 chars

Paid plan includes:

In-depth vulnerability mechanism

Trigger conditions & impact

Full executable POC code

Exploit chain & mitigation

POC zip download

100+ AI POC generations per month

Upgrade Pro to unlock ¥99/month Sign up first

III. Intelligence Information for CVE-2026-5121

请登录查看更多情报信息。

FIX - iso9660: validate pz_log2_bs, add test for 32-bit heap overflow by ElhananHaenel · Pull Request #2934 · libarchive/libarchive · GitHub
A flaw was found in libarchive. On 32-bit systems, an... · CVE-2026-5121 · GitHub Advisory Database · GitHub
https://access.redhat.com/security/cve/CVE-2026-5121vdb-entryx_refsource_REDHAT
2452945 – (CVE-2026-5121) CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processingissue-trackingx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8873vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9026vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8510vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8521vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8534vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8517vendor-advisoryx_refsource_REDHAT
RHSA-2026:13812 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2026:10097 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2026:14937 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12274vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2026-5121

Same Patch Batch · Red Hat · 2026-03-30 · 4 CVEs total

CVE-2026-5164	6.7 MEDIUM	Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap reques
CVE-2026-5165	6.7 MEDIUM	Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset
CVE-2026-5119	5.9 MEDIUM	Libsoup: libsoup: information disclosure via cleartext transmission of cookies during http

IV. Related Vulnerabilities

Same vendor: Red Hat

Same weakness: CWE-190

V. Comments for CVE-2026-5121

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-5121— Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

I. Basic Information for CVE-2026-5121

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-5121

III. Intelligence Information for CVE-2026-5121

Same Patch Batch · Red Hat · 2026-03-30 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-5121

Leave a comment