libarchive Undefined Behavior Vulnerability in Zisofs Decompression Logic Leading to Denial-of-Service

Vulnerability

A vulnerability causing undefined behavior has been identified in the zisofs decompression logic of the libarchive library. The issue arises from inadequate validation of the pz_log2_bs field, which is read from ISO9660 Rock Ridge extensions and used directly as a shift exponent when computing the compressed block size. A remote attacker can exploit this vulnerability by supplying a specially crafted ISO file, which can lead to an incorrect memory allocation size and application crashes, resulting in a denial-of-service condition.
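The class of defect described above is an unchecked shift exponent taken from untrusted input. The following C code is an added example written for this page; it is not libarchive's code and does not reproduce the library's internals. It assumes the zisofs layout as commonly documented: the block size is 2^pz_log2_bs bytes, valid exponents are 15, 16 and 17 (32, 64 and 128 KiB), and a compressed file carries a table of (n + 1) 32-bit block pointers for n blocks. The function names and the constructed sample values are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* zisofs block sizes are 2^15, 2^16 or 2^17 bytes (assumed from the format's
 * common documentation). Anything else in pz_log2_bs is malformed input. */
#define ZISOFS_MIN_LOG2_BS 15
#define ZISOFS_MAX_LOG2_BS 17

/*
 * Vulnerable pattern (shown for contrast, not used below):
 *
 *     size_t block_size = (size_t)1 << pz_log2_bs;
 *
 * pz_log2_bs is an attacker-controlled byte. For exponents >= the width of
 * size_t the shift is undefined behaviour in C, and for large in-range
 * exponents the result silently becomes a multi-gigabyte allocation request.
 */

/* Hardened: returns the block size in bytes, or 0 if pz_log2_bs is outside
 * the range the format permits. 0 is never a valid block size. */
size_t zisofs_block_size(uint8_t pz_log2_bs)
{
    if (pz_log2_bs < ZISOFS_MIN_LOG2_BS || pz_log2_bs > ZISOFS_MAX_LOG2_BS)
        return 0;
    return (size_t)1 << pz_log2_bs;
}

/* Size in bytes of the block-pointer table for a file of uncompressed_size
 * bytes: ceil(uncompressed_size / block_size) + 1 entries of 4 bytes each.
 * Computed without the usual (x + bs - 1) / bs idiom so that a maximal
 * 64-bit size cannot overflow. Returns 0 on invalid pz_log2_bs. */
size_t zisofs_pointer_table_bytes(uint64_t uncompressed_size, uint8_t pz_log2_bs)
{
    size_t bs = zisofs_block_size(pz_log2_bs);
    if (bs == 0)
        return 0;
    uint64_t nblocks = uncompressed_size / bs + (uncompressed_size % bs != 0);
    /* nblocks <= 2^49 for a 32 KiB block size, so (nblocks + 1) * 4 fits. */
    return (size_t)((nblocks + 1) * 4);
}

int main(void)
{
    /* Constructed sample values standing in for fields parsed from a
     * Rock Ridge "ZF" entry; not taken from any real image. */
    uint8_t samples[] = { 15, 17, 14, 18, 200 };
    for (size_t i = 0; i < sizeof samples; i++) {
        size_t bs = zisofs_block_size(samples[i]);
        if (bs == 0)
            printf("pz_log2_bs=%u rejected\n", samples[i]);
        else
            printf("pz_log2_bs=%u -> block size %zu, table for 100000 bytes = %zu bytes\n",
                   samples[i], bs, zisofs_pointer_table_bytes(100000, samples[i]));
    }
    return 0;
}
```

Rejecting the field before it reaches a shift or an allocation is the whole fix: the decompressor then never computes a size from an exponent the format does not define, and a malformed image is reported as an error rather than crashing the process.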

Impact

Exploitation of this vulnerability can cause applications to crash, exit, or restart, creating a denial-of-service condition.

Remediation

To mitigate this vulnerability, avoid processing untrusted ISO9660 images with libarchive until a fixed version is available. Ensure that ISO files are sourced only from trusted entities.

Added: Mar 19, 2026, 3:20 PM
Updated: Mar 19, 2026, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.5
remediation: 7.9
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.