Known Vulnerabilities for products from Libarchive

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libarchive".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-5745 json Not Provided 2026-04-07 2026-04-07
CVE-2026-5121 json A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... Not Provided 2026-03-30 2026-04-23
CVE-2026-4424 json Not Provided 2026-03-19 2026-04-23
CVE-2026-4111 json Not Provided 2026-03-13 2026-04-23
CVE-2023-30571 json Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk... 5.3 - MEDIUM 2023-05-29 2023-06-05
CVE-2022-36227 json In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NUL... 9.8 - CRITICAL 2022-11-22 2024-03-27
CVE-2022-28066 json ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidate is a duplicate of CVE-2022-... Not Provided 2022-05-04 2023-11-07
CVE-2022-26280 json Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. 6.5 - MEDIUM 2022-03-28 2023-11-07
CVE-2021-36976 json libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). 6.5 - MEDIUM 2021-07-20 2024-03-27
CVE-2021-31566 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.8 - HIGH 2022-08-23 2024-03-27
CVE-2021-23177 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.8 - HIGH 2022-08-23 2022-12-03
CVE-2020-21674 json Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attack... 6.5 - MEDIUM 2020-10-15 2020-10-26
CVE-2020-9308 json archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted hea... 8.8 - HIGH 2020-02-20 2023-11-07
CVE-2019-1000020 json libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop ... 6.5 - MEDIUM 2019-02-04 2023-11-07
CVE-2019-1000019 json libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-o... 6.5 - MEDIUM 2019-02-04 2023-11-07
CVE-2019-19221 json In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mb... 5.5 - MEDIUM 2019-11-21 2023-11-07
CVE-2019-18408 json archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a c... 7.5 - HIGH 2019-10-24 2023-11-07
CVE-2019-11463 json A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote a... 5.5 - MEDIUM 2019-04-23 2020-12-08
CVE-2018-1000880 json libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improp... 6.5 - MEDIUM 2018-12-20 2023-11-07
CVE-2018-1000879 json libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL ... 6.5 - MEDIUM 2018-12-20 2023-11-07
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Libarchive

Type Vendor Product Version
ApplicationLibarchiveLibarchive2.6.0