CVE-2026-4426

ADVISORY - nist

Summary

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (pz_log2_bs) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1335⁠

Incorrect Bitwise Shift of Integer

ADVISORY - redhat

CWE-1335⁠

Incorrect Bitwise Shift of Integer

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.