A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
References
Configurations
No configuration.
History
30 Jun 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
30 Jun 2026, 13:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/libarchive/libarchive/issues/3069 - |
30 Jun 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-30 07:16
Updated : 2026-06-30 18:16
NVD link : CVE-2026-14164
Mitre link : CVE-2026-14164
CVE.ORG link : CVE-2026-14164
JSON object : View
Products Affected
No product.
CWE
CWE-415
Double Free
