Heap-based Buffer Overflow Affecting libarchive package, versions [0,]


Severity

Recommended
0.0
low
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.2% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Heap-based Buffer Overflow vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CONAN-LIBARCHIVE-17933171
  • published10 Jul 2026
  • disclosed8 Jul 2026
  • creditUnknown

Introduced: 8 Jul 2026

NewCVE-2026-15028  (opens in a new tab)
CWE-122  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of a tar archive containing a PAX extended header with a malformed SUN.holesdata sparse-file attribute. An attacker can cause a heap overflow and out-of-bounds read by supplying a specially crafted tar archive, potentially leading to denial of service or arbitrary code execution.

CVSS Base Scores

version 4.0
version 3.1