Ghostwire

CVE-2026-15028: A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a...

LOW CVSS 3.9 Exploit Available

Published: July 10, 2026 | Last Modified: July 11, 2026

Description

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References