CRITICALCVE-2026-5121Published 2026-03-30Modified 2026-05-28CNA redhat

CVE-2026-5121: Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: 0:3.1.2-14.el7_9.2
Affected Products: 48

Fix available

0:3.1.2-14.el7_9.20:3.3.2-8.el8_2.20:3.3.3-1.el8_4.20:3.3.3-5.el8_8.20:3.3.3-6.el8_6.10:3.3.3-7.el8_100:3.5.3-2.el9_0.40:3.5.3-5.el9_2.20:3.5.3-5.el9_40:3.5.3-7.el9_6.10:3.5.3-9.el9_73.8.7-1.hum14.19.9.6.202605201155-07.13.5-3.17773256807.13.5-4.17773256777.13.5-4.17773256807.13.5-4.17773257087.13.5-4.17773257097.13.5-4.17773257107.13.5-4.1777325711412.86.202604281506-0414.92.202605060243-0415.92.202605060220-0416.94.202604211449-0417.94.202605112123-0418.94.202604240015-0177686874417768687721776868774177686884217768689611777454300177745944117774595041778156756177824453117782445461778244559177827466617792236511779223654

Affected packages

Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
Fixed in 0:3.1.2-14.el7_9.2
Red Hat / Red Hat Enterprise Linux 8
Fixed in 0:3.3.3-7.el8_10
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
Fixed in 0:3.3.2-8.el8_2.2
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Fixed in 0:3.3.3-1.el8_4.2
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Fixed in 0:3.3.3-1.el8_4.2
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Fixed in 0:3.3.3-6.el8_6.1
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Fixed in 0:3.3.3-6.el8_6.1
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Fixed in 0:3.3.3-6.el8_6.1
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Fixed in 0:3.3.3-5.el8_8.2
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Fixed in 0:3.3.3-5.el8_8.2
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:3.5.3-9.el9_7
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:3.5.3-9.el9_7
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Fixed in 0:3.5.3-2.el9_0.4
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Fixed in 0:3.5.3-5.el9_2.2
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
Fixed in 0:3.5.3-5.el9_4
Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
Fixed in 0:3.5.3-7.el9_6.1
Red Hat / Red Hat OpenShift Container Platform 4.12
Fixed in 412.86.202604281506-0
Red Hat / Red Hat OpenShift Container Platform 4.14
Fixed in 414.92.202605060243-0
Red Hat / Red Hat OpenShift Container Platform 4.15
Fixed in 415.92.202605060220-0
Red Hat / Red Hat OpenShift Container Platform 4.16
Fixed in 416.94.202604211449-0
Red Hat / Red Hat OpenShift Container Platform 4.17
Fixed in 417.94.202605112123-0
Red Hat / Red Hat OpenShift Container Platform 4.18
Fixed in 418.94.202604240015-0
Red Hat / Red Hat OpenShift Container Platform 4.19
Fixed in 4.19.9.6.202605201155-0
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-4.1777325677
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-4.1777325711
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-4.1777325710
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-3.1777325680
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-4.1777325709
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-4.1777325680
Red Hat / RHEL-8 based Middleware Containers
Fixed in 7.13.5-4.1777325708

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metrics

Fix available