This page lists publicly disclosed CVE vulnerabilities affecting opensuse libsolv (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-48864 | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | [email protected] | 7.8 | 0.01% | 2026-05-26 | 2026-05-28 |
| CVE-2026-9149 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS). | [email protected] | 6.5 | 0.06% | 2026-05-21 | 2026-06-02 |
| CVE-2026-9150 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system. | [email protected] | 6.5 | 0.01% | 2026-05-20 | 2026-06-02 |
| CVE-2021-44568 | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | [email protected] | 6.5 | 0.19% | 2022-02-21 | 2024-11-21 |
| CVE-2021-33938 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 0.06% | 2021-09-02 | 2024-11-21 |
| CVE-2021-33930 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 0.07% | 2021-09-02 | 2024-11-21 |
| CVE-2021-33929 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 0.04% | 2021-09-02 | 2024-11-21 |
| CVE-2021-33928 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 0.04% | 2021-09-02 | 2024-11-21 |
| CVE-2021-3200 | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service | [email protected] | 3.3 | 0.05% | 2021-05-18 | 2024-11-21 |
| CVE-2019-20387 | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | [email protected] | 7.5 | 0.23% | 2020-01-21 | 2024-11-21 |
| CVE-2018-20534 | There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application | [email protected] | 6.5 | 0.94% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20533 | There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | [email protected] | 6.5 | 0.55% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20532 | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | [email protected] | 6.5 | 0.52% | 2018-12-28 | 2024-11-21 |