Skip to content

CVE-2026-15028 (Low) detected in libarchivev3.8.5 #447

Description

@mend-bolt-for-github

CVE-2026-15028 - Low Severity Vulnerability

Vulnerable Library - libarchivev3.8.5

Multi-format archive and compression library

Library home page: https://github.com/libarchive/libarchive.git

Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb

Found in base branches: stable/4.0, master

Vulnerable Source Files (1)

/contrib/libarchive/libarchive/archive_read_support_format_tar.c

Vulnerability Details

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.

Publish Date: 2026-07-10

URL: CVE-2026-15028

CVSS 3 Score Details (3.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with Mend here

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions