Description
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
Published: 2026-06-30
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic double-free bug in libarchive's RAR5 reader. During unpacking state reinitialization, the filtered_buf pointer can be left pointing to freed memory. When the next archive entry is processed, a second free on the same region can occur, causing a double-free condition. An attacker who can supply a crafted RAR5 archive may trigger this and cause the host application to crash or terminate unexpectedly, resulting in a denial of service.
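The description and impact text above both describe the same ownership mistake: a per-archive state struct owns a heap buffer, the reinitialization path frees it but leaves the pointer set, and the next free of that field (on the next entry or at cleanup) hits the same memory. The following C is an added illustration of that pattern and of the usual fix (free through one helper that clears the pointer, so a repeated free becomes free(NULL)); it is not libarchive's code, and the names rar5_state, filtered_buf, init_unpack_fixed and free_filtered_buf are assumptions for the example.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Assumed, simplified stand-in for the reader's per-archive state. */
struct rar5_state {
    uint8_t *filtered_buf;   /* heap buffer owned by this struct */
    size_t   filtered_len;
};

/* The vulnerable shape (not reproduced here) is a reinit that does
 *     free(st->filtered_buf);
 * and nothing else: the field still holds the freed address, so the next
 * owner-side free of filtered_buf releases the same block twice (CWE-415).
 *
 * Hardened: the only place that frees the buffer also nulls the pointer
 * and resets the length, so calling it again is a harmless free(NULL). */
static void free_filtered_buf(struct rar5_state *st) {
    free(st->filtered_buf);
    st->filtered_buf = NULL;
    st->filtered_len = 0;
}

/* Per-entry state reinitialization: safe to run any number of times. */
static void init_unpack_fixed(struct rar5_state *st) {
    free_filtered_buf(st);
}

/* Allocates a fresh buffer, releasing any previous one first. */
static int alloc_filtered_buf(struct rar5_state *st, size_t len) {
    free_filtered_buf(st);
    st->filtered_buf = malloc(len);
    if (st->filtered_buf == NULL) return -1;
    memset(st->filtered_buf, 0, len);
    st->filtered_len = len;
    return 0;
}

/* Models two entries, a reinit between them, and the final cleanup.
 * Returns 0 when every step leaves the state consistent. */
int process_two_entries_then_cleanup(void) {
    struct rar5_state st = { NULL, 0 };
    if (alloc_filtered_buf(&st, 64) != 0) return -1;   /* entry 1 */
    init_unpack_fixed(&st);                            /* reinit */
    if (st.filtered_buf != NULL) return -2;            /* must be cleared */
    if (alloc_filtered_buf(&st, 128) != 0) return -1;  /* entry 2 */
    init_unpack_fixed(&st);                            /* reinit again */
    free_filtered_buf(&st);                            /* cleanup: free(NULL) */
    return st.filtered_buf == NULL ? 0 : -3;
}
```

When reviewing similar code, the check is mechanical: every free() of a struct-owned pointer should be followed by clearing that field, or routed through a helper like free_filtered_buf that does so.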

Affected Systems

Affected products include Red Hat Enterprise Linux 6, 7, 8, 9 and 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. No specific package versions are listed, so any installation that includes the vulnerable libarchive package should be treated as affected as long as RAR5 support is present.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. EPSS is not available, but the double-free can be exploited if an attacker can feed a malicious file to the application. Since the vulnerability is not in CISA's KEV catalog, no known exploits have been publicly reported yet. The risk is moderate-high, especially for services that parse user-supplied archives or run with elevated privileges.

Generated by OpenCVE AI on June 30, 2026 at 08:20 UTC.

Remediation

Vendor Workaround

No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the appropriate security update once it becomes available.


OpenCVE Recommended Actions

  • Monitor Red Hat Product Security for an upcoming security update that patches libarchive.
  • When the update becomes available, apply it to all affected systems immediately to remove the vulnerable code path.
  • As a temporary measure, disable or remove RAR5 archive handling in your application configuration where possible, and restrict archive input to trusted sources (for example via a content filter that rejects RAR5 files).
  • Run applications that use libarchive in a confined environment such as a sandbox or container with least privilege so that a crash cannot affect the host.


Tracking


Advisories

No advisories yet.

History

Tue, 30 Jun 2026 17:30:00 +0000

Type: References
Values removed: (none)
Values added: (none)

Tue, 30 Jun 2026 13:30:00 +0000

Type: Metrics ssvc
Values removed: (none)
Values added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 07:15:00 +0000

Type: Description
Values added: A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
Type: Title
Values added: Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()
Type: First Time appeared
Values added: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
Type: Weaknesses
Values added: CWE-415
Type: CPEs
Values added: cpe:/a:redhat:hummingbird:1; cpe:/a:redhat:openshift:4; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
Values added: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
Type: References
Values added: (none)
Type: Metrics cvssV3_1
Values added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
(No values were removed in this update.)


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T17:09:25.612Z

Reserved: 2026-06-30T05:30:04.144Z

Link: CVE-2026-14164

Vulnrichment

Updated: 2026-06-30T12:20:11.389Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T08:30:04Z

Weaknesses