libarchive 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk memory corruption などに関し、一部は vendor impact unexpected behavior を招き、ファイル処理、自動展開, and アーカイブ処理 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-5745 | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to cras | [email protected] | 5.5 | 0.01% | 2026-04-07 | 2026-05-03 |
| CVE-2026-5121 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system. | [email protected] | 7.5 | 0.09% | 2026-03-30 | 2026-06-04 |
| CVE-2026-4426 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition. | [email protected] | 6.5 | 0.19% | 2026-03-19 | 2026-05-03 |
| CVE-2026-4424 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. | [email protected] | 7.5 | 0.10% | 2026-03-19 | 2026-06-04 |
| CVE-2025-60753 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). | [email protected] | 5.5 | 0.02% | 2025-11-05 | 2026-02-04 |
| CVE-2025-5918 | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. | [email protected] | 3.9 | 0.11% | 2025-06-09 | 2025-08-15 |
| CVE-2025-5917 | A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0. | [email protected] | 2.8 | 0.12% | 2025-06-09 | 2025-12-12 |
| CVE-2025-5916 | A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive v | [email protected] | 3.9 | 0.10% | 2025-06-09 | 2025-12-12 |
| CVE-2025-5915 | A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. | [email protected] | 6.6 | 0.09% | 2025-06-09 | 2026-01-08 |
| CVE-2025-5914 | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | [email protected] | 7.8 | 0.11% | 2025-06-09 | 2026-02-05 |
| CVE-2024-48615 | Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8. | [email protected] | 7.5 | 0.29% | 2025-03-28 | 2025-04-14 |
| CVE-2025-25724 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. | [email protected] | 4.0 | 0.01% | 2025-03-02 | 2025-07-17 |
| CVE-2025-1632 | A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 4.8 | 0.03% | 2025-02-24 | 2025-03-25 |
| CVE-2024-48958 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | [email protected] | 7.8 | 0.11% | 2024-10-10 | 2025-11-03 |
| CVE-2024-48957 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | [email protected] | 7.8 | 0.09% | 2024-10-10 | 2025-09-29 |
| CVE-2024-37407 | Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. | [email protected] | 9.1 | 0.55% | 2024-06-08 | 2025-04-29 |
| CVE-2024-26256 | Libarchive Remote Code Execution Vulnerability | [email protected] | 7.8 | 38.27% | 2024-04-09 | 2025-01-08 |
| CVE-2023-30571 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. | [email protected] | 3.9 | 0.04% | 2023-05-29 | 2025-01-14 |
| CVE-2022-36227 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | [email protected] | 9.8 | 0.55% | 2022-11-22 | 2025-11-03 |
| CVE-2021-31566 | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | [email protected] | 7.8 | 0.03% | 2022-08-23 | 2024-11-21 |