CVE-2026-5121
Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
20th
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
| CWE | CWE-190 |
| Vendor | red hat |
| Product | red hat enterprise linux 7 extended lifecycle support |
| Published | Mar 30, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 7 extended lifecycle support
Be the first to know when new high vulnerabilities affecting red hat red hat enterprise linux 7 extended lifecycle support are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.18
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.19
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / Red Hat AI Inference Server 3.2
All versions affected Red Hat / Red Hat AI Inference Server 3.2
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat Discovery 2
All versions affected Red Hat / Red Hat Hardened Images
All versions affected Red Hat / Red Hat Insights proxy 1.5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10065 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10097 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11768 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12071 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12274 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:13812 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14773 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14937 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:15087 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16008 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16009 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16030 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16174 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17596 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19724 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19725 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:20040 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21690 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8510 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8517 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8521 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8534 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8864 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8866 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8867 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8873 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8908 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8944 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9026 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9592 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9832 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-5121 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2452945 github.com: https://github.com/advisories/GHSA-2vwv-vqpv-v8vc github.com: https://github.com/libarchive/libarchive/pull/2934
Credits
Red Hat would like to thank Elhanan Haenel for reporting this issue.