CVE-2026-15028

Publication date 10 July 2026

Last updated 10 July 2026


Ubuntu priority

Cvss 3 Severity Score

3.9 · Low

Score breakdown

Description

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.

Status

Package Ubuntu Release Status
libarchive 26.04 LTS resolute
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Needs evaluation

Severity score breakdown

CVSS version: CVSS v3.0

Base score 3.9 · Low

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L


Access our resources on patching vulnerabilities