CVE-2026-4426

Name of the Vulnerable Software and Affected Versions libarchive (affected versions not specified)

Description An issue exists in libarchive’s zisofs decompression logic. Improper validation of the pz log2 bs field read from ISO9660 Rock Ridge extensions can lead to undefined behavior. An attacker can exploit this by providing a specially crafted ISO file. This can result in incorrect memory allocation and potential application crashes, leading to a denial-of-service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.