GHSA-p59g-85vj-3mvfLowCVSS 3.9
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap...
🔗 CVE IDs covered (1)
📋 Description
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-15028
- https://github.com/libarchive/libarchive/issues/3251
- https://github.com/libarchive/libarchive/pull/3253
- https://access.redhat.com/security/cve/CVE-2026-15028
- https://bugzilla.redhat.com/show_bug.cgi?id=2497970
- https://github.com/advisories/GHSA-p59g-85vj-3mvf