Critical libarchive Flaws Enable Memory Disclosure and Code Execution
Ubuntu security updates address three vulnerabilities in libarchive affecting RAR, ISO, and zisofs handling. Attackers could exploit these flaws to leak sensitive data, crash services, or achieve arbitrary code execution on vulnerable systems.
TL;DR
- Three CVEs patched in libarchive: out-of-bounds read in RAR parsing (CVE-2026-4424), memory allocation flaw in ISO handling (CVE-2026-4426), and heap buffer overflow in zisofs on 32-bit systems (CVE-2026-5121)
- Out-of-bounds read vulnerability could disclose sensitive memory contents to attackers via malicious RAR archives
- Heap buffer overflow in zisofs block pointer allocation poses arbitrary code execution risk on 32-bit platforms
- Denial of service possible through crafted ISO files triggering incorrect memory allocation
- Immediate patching recommended for systems using libarchive for archive extraction and processing
Canonical has released security updates addressing three vulnerabilities in libarchive, a widely used library for reading and writing archive formats. The flaws affect handling of RAR archives, ISO files, and zisofs compressed images, with severity ranging from information disclosure to potential remote code execution.
These vulnerabilities are particularly concerning because libarchive is commonly integrated into file managers, backup tools, and server-side archive processing applications. Organizations relying on libarchive for untrusted archive handling should prioritize patching to prevent exploitation.
The vulnerabilities demonstrate how archive parsing, often considered a low-risk operation, can introduce critical security gaps when archive input is not properly validated.
Vulnerability Details
- CVE-2026-4424: Out-of-bounds read in RAR archive parsing allows attackers to leak sensitive memory contents through crafted files
- CVE-2026-4426: Incorrect memory allocation logic in ISO file handling enables denial of service attacks
- CVE-2026-5121: Heap buffer overflow in zisofs block pointer allocation on 32-bit systems could lead to arbitrary code execution
Attack Surface and Risk
- Attackers can trigger vulnerabilities by distributing malicious archive files via email, downloads, or file-sharing services
- Information disclosure risk allows extraction of cryptographic keys, credentials, or other sensitive data from process memory
- 32-bit systems face elevated risk from heap overflow exploitation due to reduced address space complexity
- Automated archive extraction workflows without user interaction increase exposure to silent exploitation
Remediation Guidance
- Apply Ubuntu security updates immediately to systems running affected libarchive versions
- Validate and test archive processing workflows after patching to ensure compatibility
- Consider sandboxing archive extraction operations to limit impact of potential exploits
- Monitor for suspicious archive files or extraction errors that may indicate exploitation attempts
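A follow-up check for the patching step above, as an added example (not from Ubuntu or the libarchive project): a process that loaded libarchive before the update keeps the old, unlinked library mapped until it restarts, and Linux marks that mapping "(deleted)" in /proc/<pid>/maps. The function name and its PROC_ROOT parameter are assumptions of this example.

```bash
# Added example: after the libarchive update is installed, list processes
# that still map the old, now-unlinked shared object and need a restart.
# Run as root to see every process; unreadable maps files are skipped.

# stale_libarchive_pids [PROC_ROOT]   (hypothetical helper name)
# Prints: pid <TAB> command <TAB> systemd unit or "-" <TAB> mapped path
# PROC_ROOT defaults to /proc; it is a parameter only so the logic can be
# run against a constructed directory tree.
stale_libarchive_pids() {
    local proc_root="${1:-/proc}"
    local dir pid path comm unit
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid="${dir##*/}"
        # maps columns: range perms offset dev inode pathname [(deleted)]
        path="$(awk '$6 ~ "/libarchive\\.so[^/]*$" && $NF == "(deleted)" {
                     print $6; exit }' "$dir/maps" 2>/dev/null)" || true
        [ -n "$path" ] || continue
        comm="$(cat "$dir/comm" 2>/dev/null)" || true
        # cgroup v2 line looks like "0::/system.slice/name.service"
        unit="$(sed -n 's#.*/\([^/]*\.service\)$#\1#p' "$dir/cgroup" \
                2>/dev/null | head -n 1)"
        printf '%s\t%s\t%s\t%s\n' "$pid" "${comm:-?}" "${unit:--}" "$path"
    done
}
```

Any process it lists is still running the pre-update code and stays exposed until its service is restarted.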