CVE-2026-4426

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libarchive (affected versions not specified)

Description An issue exists in libarchive’s zisofs decompression logic. Improper validation of the pz log2 bs field read from ISO9660 Rock Ridge extensions can lead to undefined behavior. An attacker can exploit this by providing a specially crafted ISO file. This can result in incorrect memory allocation and potential application crashes, leading to a denial-of-service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1335

Related Identifiers

CVE-2026-4426

ECHO-F87D-FF1F-0CCD

OESA-2026-1940

OESA-2026-1941

OESA-2026-1942

OESA-2026-1943

OESA-2026-1944

OESA-2026-1945

RHSA-2026:8944

USN-8292-1

Affected Products

Linuxmint

Ubuntu

Libarchive

CVE-2026-4426

Weakness Enumeration

Related Identifiers

Affected Products

References · 33