CVE-2026-14164
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A double free vulnerability has been found in libarchive's RAR5 reader. During processing of a specially crafted RAR5 archive, the filtered_buf pointer may become stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition.
Risk Assessment
Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service (DoS).
Recommendation
Update libarchive to a patched version immediately. Until then, avoid opening untrusted RAR5 archives.
Original NVD description (English source)
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.

