Description
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.
Published: 2026-03-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via malformed ISO processing
Action: Apply Workaround
AI Analysis

Impact

A flaw in libarchive's zisofs decompression logic allows a specially crafted ISO9660 file to trigger undefined behavior. When a malformed `pz_log2_bs` field is read from the image, libarchive can allocate an incorrect amount of memory, causing the application that uses libarchive to crash. The crash results in a denial-of-service condition for any process that attempts to read the file. This weakness is classified as CWE-1335.
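As an added illustration of the failure mode described above (this is example code, not libarchive's own code and not the fix the vendor shipped, which this page does not describe): the zisofs format stores the compressed block size as a power-of-two exponent, `pz_log2_bs`, in the Rock Ridge "ZF" entry, and the format defines only exponents 15, 16 and 17 (32 KiB, 64 KiB and 128 KiB blocks). The parser below reads a constructed ZF entry and rejects any exponent outside that range before the value reaches a shift or an allocation, which is the class of validation the description says was missing. The ZF entry layout is taken from the zisofs format description; the sample byte strings `zf_ok` and `zf_bad` are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Layout of a Rock Ridge "ZF" (zisofs) SUSP entry as described by the
 * zisofs format (added example, not libarchive's code):
 *   byte 0-1  signature "ZF"      byte 2   entry length (16)
 *   byte 3    version (1)         byte 4-5 algorithm ("pz" = paged zlib)
 *   byte 6    header size / 4     byte 7   pz_log2_bs (log2 of block size)
 *   byte 8-15 uncompressed size, stored twice: little-endian then big-endian
 */
#define ZF_ENTRY_LEN 16

struct zf_entry {
    unsigned header_size;        /* bytes */
    uint8_t  log2_bs;            /* raw pz_log2_bs value */
    uint32_t uncompressed_size;
    size_t   block_size;         /* derived only after validation */
};

/* zisofs defines only 32 KiB, 64 KiB and 128 KiB blocks (log2 15..17).
 * Rejecting everything else here keeps a hostile byte from reaching
 * `1 << log2_bs` (undefined for log2_bs >= 32) or a bogus malloc size. */
int zisofs_block_size(uint8_t log2_bs, size_t *out)
{
    if (log2_bs < 15 || log2_bs > 17)
        return -1;
    *out = (size_t)1 << log2_bs;
    return 0;
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse one ZF entry from `buf`. Returns 0 on success, -1 on any defect;
 * on failure `e` is left untouched so a caller cannot use a half-filled entry. */
int parse_zf_entry(const uint8_t *buf, size_t len, struct zf_entry *e)
{
    if (len < ZF_ENTRY_LEN || buf[0] != 'Z' || buf[1] != 'F')
        return -1;
    if (buf[2] != ZF_ENTRY_LEN || buf[3] != 1)
        return -1;
    if (buf[4] != 'p' || buf[5] != 'z')
        return -1;
    /* Both-endian copies must agree; a mismatch is a corrupt or forged entry. */
    uint32_t le = rd_le32(buf + 8), be = rd_be32(buf + 12);
    if (le != be)
        return -1;
    size_t bs;
    if (zisofs_block_size(buf[7], &bs) != 0)
        return -1;
    e->header_size = (unsigned)buf[6] * 4u;
    e->log2_bs = buf[7];
    e->uncompressed_size = le;
    e->block_size = bs;
    return 0;
}

/* Constructed sample entries (not taken from any real image). */
const uint8_t zf_ok[ZF_ENTRY_LEN] = {
    'Z', 'F', 16, 1, 'p', 'z', 4, 15,
    0xA0, 0x86, 0x01, 0x00, 0x00, 0x01, 0x86, 0xA0 };   /* size 100000 */
const uint8_t zf_bad[ZF_ENTRY_LEN] = {
    'Z', 'F', 16, 1, 'p', 'z', 4, 200,                  /* absurd exponent */
    0xA0, 0x86, 0x01, 0x00, 0x00, 0x01, 0x86, 0xA0 };

int main(void)
{
    struct zf_entry e;
    if (parse_zf_entry(zf_ok, sizeof zf_ok, &e) == 0)
        printf("ok: block %zu bytes, %u byte header, %u bytes uncompressed\n",
               e.block_size, e.header_size, e.uncompressed_size);
    if (parse_zf_entry(zf_bad, sizeof zf_bad, &e) != 0)
        printf("rejected: pz_log2_bs=%u is outside 15..17\n", zf_bad[7]);
    return 0;
}
```

The design point is that the range check sits in front of every consumer of the field: the entry is either fully validated or not returned at all, so no later allocation or shift can see an out-of-range exponent.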

Affected Systems

The vulnerability affects Red Hat Enterprise Linux 10, 6, 7, 8, and 9, as well as Red Hat Hardened Images and Red Hat OpenShift Container Platform 4. The affected component is the libarchive library bundled with these distributions. No specific version ranges are listed, so any deployment of libarchive on these systems remains potentially vulnerable until an official fix is released.

Risk and Exploitability

With a CVSS score of 6.5, the severity is moderate, and an EPSS score of less than 1% indicates that active exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a malicious ISO file that a user or service then processes through libarchive. Because the attack vector is local or potentially remote file handling, administrators should limit exposure by controlling which ISO images are processed and by updating the library as soon as a patch is available.

Generated by OpenCVE AI on April 9, 2026 at 19:36 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid processing untrusted ISO9660 images with `libarchive`. Restricting the sources of ISO files and ensuring they originate from trusted entities can prevent exploitation.
OpenCVE Recommended Actions

  • Avoid processing untrusted ISO9660 images with libarchive
  • Restrict ISO file sources to trusted originators
  • Update libarchive to the latest version provided by Red Hat when available
  • Audit and monitor processes that use libarchive for unexpected crashes
  • If possible, disable ISO9660 support in libarchive or use an alternative library


Advisories

No advisories yet.

History

Thu, 09 Apr 2026 18:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Redhat hummingbird
CPEs                                  cpe:/a:redhat:hummingbird:1
Vendors & Products                    Redhat hummingbird

Fri, 20 Mar 2026 16:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 09:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Libarchive
                                      Libarchive libarchive
                                      Redhat openshift Container Platform
Vendors & Products                    Libarchive
                                      Libarchive libarchive
                                      Redhat openshift Container Platform

Fri, 20 Mar 2026 00:15:00 +0000

Type                 Values Removed           Values Added
References
Metrics              threat_severity: None    threat_severity: Moderate


Thu, 19 Mar 2026 14:30:00 +0000

Type                 Values Removed   Values Added
Description                           A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.
Title                                 Libarchive: libarchive: denial of service via malformed iso file processing
First Time appeared                   Redhat
                                      Redhat enterprise Linux
                                      Redhat openshift
Weaknesses                            CWE-1335
CPEs                                  cpe:/a:redhat:openshift:4
                                      cpe:/o:redhat:enterprise_linux:10
                                      cpe:/o:redhat:enterprise_linux:6
                                      cpe:/o:redhat:enterprise_linux:7
                                      cpe:/o:redhat:enterprise_linux:8
                                      cpe:/o:redhat:enterprise_linux:9
Vendors & Products                    Redhat
                                      Redhat enterprise Linux
                                      Redhat openshift
References
Metrics                               cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-09T17:27:15.847Z

Reserved: 2026-03-19T12:43:31.427Z

Link: CVE-2026-4426

Vulnrichment

Updated: 2026-03-20T15:19:15.227Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T15:16:28.510

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-4426

Redhat

Severity: Moderate

Public Date: 2026-03-19T00:00:00Z

Links: CVE-2026-4426 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-10T09:46:26Z

Weaknesses