Vulnerability Details CVE-2022-26280
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.8
References
- https://github.com/libarchive/libarchive/issues/1672
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBYGJICQ7FKDZ2IIOAH423IHWQ6MNONQ/
- https://security.gentoo.org/glsa/202208-26
- https://github.com/libarchive/libarchive/issues/1672
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBYGJICQ7FKDZ2IIOAH423IHWQ6MNONQ/
- https://security.gentoo.org/glsa/202208-26
Products affected by CVE-2022-26280
-
cpe:2.3:a:libarchive:libarchive:3.6.0
-
cpe:2.3:o:fedoraproject:fedora:36