PT-2026-26289 · Unknown+4 · Libarchive+4

Osidb Bzimport · Published 2026-01-01 · Updated 2026-06-04 · CVE-2026-4424

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: libarchive (affected versions not specified)

Description: A heap out-of-bounds read issue exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. An attacker can exploit this by providing a specially crafted RAR archive, potentially leading to the disclosure of sensitive heap memory information. This does not require authentication or user interaction.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2026:8492
ALSA-2026:8510
ALSA-2026:8534
BDU:2026-07534
CVE-2026-4424
ECHO-0051-E755-E08E
OESA-2026-1942
OESA-2026-1943
OESA-2026-1944
OESA-2026-1945
RHSA-2026:8492
RHSA-2026:8510
RHSA-2026:8517
RHSA-2026:8521
RHSA-2026:8534
RHSA-2026:8864
RHSA-2026:8865
RHSA-2026:8866
RHSA-2026:8867
RHSA-2026:8873
RHSA-2026:8908
RHSA-2026:8944
RHSA-2026:9026
RHSA-2026:9592
USN-8292-1

Affected Products

Linuxmint
Rar
Rocky Linux
Ubuntu
Libarchive