Bug 2452945 (CVE-2026-5121) - CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing
Summary: CVE-2026-5121 libarchive: libarchive: Arbitrary code execution via integer ov...
Keywords:
Status: NEW
Alias: CVE-2026-5121
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-30 07:40 UTC by OSIDB Bzimport
Modified: 2026-05-27 16:02 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:12157 0 None None None 2026-04-30 11:04:30 UTC
Red Hat Product Errata RHBA-2026:8558 0 None None None 2026-04-16 19:42:31 UTC
Red Hat Product Errata RHBA-2026:8613 0 None None None 2026-04-16 22:25:07 UTC
Red Hat Product Errata RHBA-2026:8614 0 None None None 2026-04-16 22:34:28 UTC
Red Hat Product Errata RHBA-2026:8615 0 None None None 2026-04-16 22:31:03 UTC
Red Hat Product Errata RHBA-2026:8844 0 None None None 2026-04-20 01:23:50 UTC
Red Hat Product Errata RHBA-2026:8846 0 None None None 2026-04-20 02:06:34 UTC
Red Hat Product Errata RHBA-2026:8955 0 None None None 2026-04-20 11:32:27 UTC
Red Hat Product Errata RHBA-2026:8957 0 None None None 2026-04-20 11:40:36 UTC
Red Hat Product Errata RHBA-2026:8958 0 None None None 2026-04-20 13:05:06 UTC
Red Hat Product Errata RHBA-2026:8959 0 None None None 2026-04-20 11:38:20 UTC
Red Hat Product Errata RHBA-2026:9485 0 None None None 2026-04-21 20:04:55 UTC
Red Hat Product Errata RHBA-2026:9486 0 None None None 2026-04-21 19:34:44 UTC
Red Hat Product Errata RHBA-2026:9802 0 None None None 2026-04-22 17:05:44 UTC
Red Hat Product Errata RHSA-2026:10097 0 None None None 2026-04-30 12:11:00 UTC
Red Hat Product Errata RHSA-2026:12071 0 None None None 2026-05-11 08:45:55 UTC
Red Hat Product Errata RHSA-2026:12274 0 None None None 2026-05-08 20:57:08 UTC
Red Hat Product Errata RHSA-2026:13812 0 None None None 2026-05-05 17:49:52 UTC
Red Hat Product Errata RHSA-2026:14773 0 None None None 2026-05-13 14:16:34 UTC
Red Hat Product Errata RHSA-2026:15087 0 None None None 2026-05-13 13:55:09 UTC
Red Hat Product Errata RHSA-2026:17596 0 None None None 2026-05-20 13:27:36 UTC
Red Hat Product Errata RHSA-2026:20040 0 None None None 2026-05-27 16:02:02 UTC
Red Hat Product Errata RHSA-2026:8510 0 None None None 2026-04-16 16:10:01 UTC
Red Hat Product Errata RHSA-2026:8517 0 None None None 2026-04-16 16:40:25 UTC
Red Hat Product Errata RHSA-2026:8521 0 None None None 2026-04-16 16:43:56 UTC
Red Hat Product Errata RHSA-2026:8534 0 None None None 2026-04-16 18:12:21 UTC
Red Hat Product Errata RHSA-2026:8864 0 None None None 2026-04-20 02:48:46 UTC
Red Hat Product Errata RHSA-2026:8866 0 None None None 2026-04-20 03:55:07 UTC
Red Hat Product Errata RHSA-2026:8867 0 None None None 2026-04-20 02:15:22 UTC
Red Hat Product Errata RHSA-2026:8873 0 None None None 2026-04-20 03:43:24 UTC
Red Hat Product Errata RHSA-2026:8908 0 None None None 2026-04-20 05:15:53 UTC
Red Hat Product Errata RHSA-2026:9026 0 None None None 2026-04-20 13:04:21 UTC
Red Hat Product Errata RHSA-2026:9592 0 None None None 2026-04-22 05:59:43 UTC

Description OSIDB Bzimport 2026-03-30 07:40:48 UTC 
On 32-bit systems, an integer overflow in the zisofs block pointer allocation logic (archive_read_support_format_iso9660.c, line 1537) wraps the allocation size to zero. malloc(0) returns a ~16-byte buffer, but the code records the un-wrapped size (~4 GB) and proceeds to memcpy() attacker-controlled ISO data into the tiny buffer - a heap buffer overflow WRITE. On 64-bit systems the overflow doesn't wrap and malloc fails safely. Shares root cause with vulnerability #2 (unvalidated pz_log2_bs).Requirements to exploit: The target must be a 32-bit system processing a crafted ISO9660 image via libarchive. The attacker needs to deliver the ISO to an application that extracts or reads its contents. Exploitation to RCE would require heap grooming specific to the target allocator/platform.
Comment 1 errata-xmlrpc 2026-04-16 16:09:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:8510 https://access.redhat.com/errata/RHSA-2026:8510
Comment 2 errata-xmlrpc 2026-04-16 16:40:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:8517 https://access.redhat.com/errata/RHSA-2026:8517
Comment 3 errata-xmlrpc 2026-04-16 16:43:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:8521 https://access.redhat.com/errata/RHSA-2026:8521
Comment 4 errata-xmlrpc 2026-04-16 18:12:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:8534 https://access.redhat.com/errata/RHSA-2026:8534
Comment 5 errata-xmlrpc 2026-04-20 02:15:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:8867 https://access.redhat.com/errata/RHSA-2026:8867
Comment 6 errata-xmlrpc 2026-04-20 02:48:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:8864 https://access.redhat.com/errata/RHSA-2026:8864
Comment 7 errata-xmlrpc 2026-04-20 03:43:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:8873 https://access.redhat.com/errata/RHSA-2026:8873
Comment 8 errata-xmlrpc 2026-04-20 03:55:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:8866 https://access.redhat.com/errata/RHSA-2026:8866
Comment 9 errata-xmlrpc 2026-04-20 05:15:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:8908 https://access.redhat.com/errata/RHSA-2026:8908
Comment 10 errata-xmlrpc 2026-04-20 13:04:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:9026 https://access.redhat.com/errata/RHSA-2026:9026
Comment 11 errata-xmlrpc 2026-04-22 05:59:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:9592 https://access.redhat.com/errata/RHSA-2026:9592
Comment 13 errata-xmlrpc 2026-04-30 12:10:59 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2026:10097 https://access.redhat.com/errata/RHSA-2026:10097
Comment 16 errata-xmlrpc 2026-05-05 17:49:51 UTC 
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812
Comment 20 errata-xmlrpc 2026-05-08 20:57:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2026:12274 https://access.redhat.com/errata/RHSA-2026:12274
Comment 21 errata-xmlrpc 2026-05-11 08:45:54 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2026:12071 https://access.redhat.com/errata/RHSA-2026:12071
Comment 22 errata-xmlrpc 2026-05-13 13:55:08 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2026:15087 https://access.redhat.com/errata/RHSA-2026:15087
Comment 23 errata-xmlrpc 2026-05-13 14:16:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2026:14773 https://access.redhat.com/errata/RHSA-2026:14773
Comment 24 errata-xmlrpc 2026-05-20 13:27:35 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2026:17596 https://access.redhat.com/errata/RHSA-2026:17596
Comment 25 errata-xmlrpc 2026-05-27 16:02:01 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2026:20040 https://access.redhat.com/errata/RHSA-2026:20040
Note You need to log in before you can comment on or make changes to this bug.