CVE-2026-4426
ADVISORY - nistSummary
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (pz_log2_bs) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.
EPSS Score: 0.00305 (0.223)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Incorrect Bitwise Shift of Integer
ADVISORY - redhat
Incorrect Bitwise Shift of Integer
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in