HIGH SeverityCVSS 3.17.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-5121
Last updated Apr 16, 2026 · Published Mar 30, 2026
Description
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Affected products
1 listed- Red Hat:Red Hat Enterprise Linux 10; Red Hat:Red Hat Enterprise Linux 6; Red Hat:Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat:Red Hat Enterprise Linux 8; Red Hat:Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat:Red Hat Enterprise Linux 9; Red Hat:Red Hat Hardened Images; Red Hat:Red Hat OpenShift Container Platform 4
Mappings
CWE
CWE-190
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms