CVE-2026-15028 - Low Severity Vulnerability
Vulnerable Library - libarchivev3.8.5
Multi-format archive and compression library
Library home page: https://github.com/libarchive/libarchive.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
Vulnerable Source Files (1)
/contrib/libarchive/libarchive/archive_read_support_format_tar.c
Vulnerability Details
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
Publish Date: 2026-07-10
URL: CVE-2026-15028
CVSS 3 Score Details (3.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Step up your Open Source Security Game with Mend here
CVE-2026-15028 - Low Severity Vulnerability
Multi-format archive and compression library
Library home page: https://github.com/libarchive/libarchive.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
Publish Date: 2026-07-10
URL: CVE-2026-15028
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here