Known Vulnerabilities for products from Libarchive
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libarchive".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53655 json | Not Provided | 2026-06-22 | 2026-06-23 | |
| CVE-2026-15028 json | Not Provided | 2026-07-10 | 2026-07-13 | |
| CVE-2026-14164 json | Not Provided | 2026-06-30 | 2026-06-30 | |
| CVE-2026-5745 json | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within... | Not Provided | 2026-04-07 | 2026-05-03 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Not Provided | 2026-03-30 | 2026-07-14 |
| CVE-2026-4426 json | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by impro... | Not Provided | 2026-03-19 | 2026-05-03 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Not Provided | 2026-03-19 | 2026-06-30 |
| CVE-2026-4111 json | Not Provided | 2026-03-13 | 2026-06-30 | |
| CVE-2025-5918 json | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bs... | Not Provided | 2025-06-09 | 2026-06-30 |
| CVE-2025-5917 json | Not Provided | 2025-06-09 | 2026-06-30 | |
| CVE-2025-5916 json | A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered w... | Not Provided | 2025-06-09 | 2026-06-30 |
| CVE-2025-5915 json | A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size ... | Not Provided | 2025-06-09 | 2026-06-30 |
| CVE-2025-5914 json | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() fu... | Not Provided | 2025-06-09 | 2026-07-14 |
| CVE-2023-30571 json | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk... | 5.3 - MEDIUM | 2023-05-29 | 2023-06-05 |
| CVE-2022-36227 json | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NUL... | 9.8 - CRITICAL | 2022-11-22 | 2024-03-27 |
| CVE-2022-28066 json | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidate is a duplicate of CVE-2022-... | Not Provided | 2022-05-04 | 2023-11-07 |
| CVE-2022-26280 json | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | 6.5 - MEDIUM | 2022-03-28 | 2023-11-07 |
| CVE-2021-36976 json | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | 6.5 - MEDIUM | 2021-07-20 | 2024-03-27 |
| CVE-2021-31566 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-08-23 | 2024-03-27 |
| CVE-2021-23177 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-08-23 | 2022-12-03 |
Known software with vulnerabilities from Libarchive
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libarchive | Libarchive | 2.6.0 |