CVE Catalog

CVE-2026-14164

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A double free vulnerability has been found in libarchive's RAR5 reader. During processing of a specially crafted RAR5 archive, the filtered_buf pointer may become stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition.

Risk Assessment

Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service (DoS).

Recommendation

Update libarchive to a patched version immediately. Until then, avoid opening untrusted RAR5 archives.

Original NVD description (English source)

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS