{"id":"USN-8147-1","summary":"libarchive vulnerabilities","details":"It was discovered that libarchive incorrectly handled certain archive\nfiles. An attacker could possibly use this issue to access sensitive\ninformation. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221)\n\nIt was discovered that libarchive incorrectly handled certain RAR archive\nfiles. If a user or automated system were tricked into processing a\nspecially crafted RAR archive, an attacker could possibly use this issue to\ncause libarchive to crash, resulting in a denial of service, or execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS\nand Ubuntu 18.04 LTS. (CVE-2024-20696)\n\nIt was discovered that libarchive incorrectly handled certain RAR archive\nfiles. An attacker could possibly use this issue to execute arbitrary code\nor cause a denial of service. This issue only affected Ubuntu 14.04 LTS,\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914)\n\nIt was discovered that libarchive incorrectly handled certain WARC archive\nfiles. If a user or automated system were tricked into processing a\nspecially crafted WARC archive, an attacker could possibly use this issue\nto cause libarchive to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916)\n\nIt was discovered that libarchive incorrectly handled certain file names\nwhen handling prefixes and suffixes. An attacker could possibly use this\nissue to cause libarchive to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS\nand Ubuntu 20.04 LTS. (CVE-2025-5917)\n\nIt was discovered that libarchive could read past the end of file streams\nwhen processing input to bsdtar. An attacker could possibly use this issue\nto cause memory corruption or a denial of service. (CVE-2025-5918)\n\nIt was discovered that libarchive incorrectly handled certain TAR archive\nfiles. If a user or automated system were tricked into processing a\nspecially crafted TAR archive, an attacker could possibly use this issue to\ncause libarchive to crash, resulting in a denial of service, or execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS\nand Ubuntu 18.04 LTS. (CVE-2025-25724)\n\nHyungJung Joo discovered that libarchive did not properly limit memory\nallocation when processing substitution rules in bsdtar. An attacker could\npossibly use this issue to cause excessive memory consumption, leading to a\ndenial of service. (CVE-2025-60753)\n\nElhanan Haenel discovered that libarchive could enter an infinite loop when\nprocessing crafted RAR5 archives. An attacker could possibly use this issue\nto cause excessive CPU consumption, leading to a denial of service. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS\nand Ubuntu 25.10. (CVE-2026-4111)","modified":"2026-04-07T12:29:18.630221620Z","published":"2026-04-02T18:23:39Z","related":["UBUNTU-CVE-2019-19221","UBUNTU-CVE-2024-20696","UBUNTU-CVE-2025-25724","UBUNTU-CVE-2025-5914","UBUNTU-CVE-2025-5916","UBUNTU-CVE-2025-5917","UBUNTU-CVE-2025-5918","UBUNTU-CVE-2025-60753","UBUNTU-CVE-2026-4111"],"upstream":["CVE-2019-19221","CVE-2024-20696","CVE-2025-25724","CVE-2025-5914","CVE-2025-5916","CVE-2025-5917","CVE-2025-5918","CVE-2025-60753","CVE-2026-4111","UBUNTU-CVE-2019-19221","UBUNTU-CVE-2024-20696","UBUNTU-CVE-2025-25724","UBUNTU-CVE-2025-5914","UBUNTU-CVE-2025-5916","UBUNTU-CVE-2025-5917","UBUNTU-CVE-2025-5918","UBUNTU-CVE-2025-60753","UBUNTU-CVE-2026-4111"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8147-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19221"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-20696"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-5914"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-5916"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-5917"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-5918"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-25724"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-60753"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-4111"}],"affected":[{"package":{"name":"libarchive","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/libarchive@3.1.2-7ubuntu2.8+esm4?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2-7ubuntu2.8+esm4"}]}],"versions":["3.1.2-5ubuntu1","3.1.2-7ubuntu1","3.1.2-7ubuntu2","3.1.2-7ubuntu2.1","3.1.2-7ubuntu2.2","3.1.2-7ubuntu2.3","3.1.2-7ubuntu2.4","3.1.2-7ubuntu2.6","3.1.2-7ubuntu2.7","3.1.2-7ubuntu2.8","3.1.2-7ubuntu2.8+esm1","3.1.2-7ubuntu2.8+esm3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_version":"3.1.2-7ubuntu2.8+esm4","binary_name":"bsdcpio"},{"binary_version":"3.1.2-7ubuntu2.8+esm4","binary_name":"bsdtar"},{"binary_version":"3.1.2-7ubuntu2.8+esm4","binary_name":"libarchive-dev"},{"binary_version":"3.1.2-7ubuntu2.8+esm4","binary_name":"libarchive13"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2019-19221","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2024-20696","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5914","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5916","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5917","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-25724","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}},{"package":{"name":"libarchive","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libarchive@3.1.2-11ubuntu0.16.04.8+esm2?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2-11ubuntu0.16.04.8+esm2"}]}],"versions":["3.1.2-11build1","3.1.2-11ubuntu0.16.04.1","3.1.2-11ubuntu0.16.04.2","3.1.2-11ubuntu0.16.04.3","3.1.2-11ubuntu0.16.04.4","3.1.2-11ubuntu0.16.04.5","3.1.2-11ubuntu0.16.04.6","3.1.2-11ubuntu0.16.04.7","3.1.2-11ubuntu0.16.04.8","3.1.2-11ubuntu0.16.04.8+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.1.2-11ubuntu0.16.04.8+esm2","binary_name":"bsdcpio"},{"binary_version":"3.1.2-11ubuntu0.16.04.8+esm2","binary_name":"bsdtar"},{"binary_version":"3.1.2-11ubuntu0.16.04.8+esm2","binary_name":"libarchive-dev"},{"binary_version":"3.1.2-11ubuntu0.16.04.8+esm2","binary_name":"libarchive13"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2024-20696","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5914","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5916","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5917","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-25724","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}},{"package":{"name":"libarchive","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/libarchive@3.2.2-3.1ubuntu0.7+esm2?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.2-3.1ubuntu0.7+esm2"}]}],"versions":["3.2.2-3.1","3.2.2-3.1ubuntu0.1","3.2.2-3.1ubuntu0.2","3.2.2-3.1ubuntu0.3","3.2.2-3.1ubuntu0.4","3.2.2-3.1ubuntu0.5","3.2.2-3.1ubuntu0.6","3.2.2-3.1ubuntu0.7","3.2.2-3.1ubuntu0.7+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.2.2-3.1ubuntu0.7+esm2","binary_name":"bsdcpio"},{"binary_version":"3.2.2-3.1ubuntu0.7+esm2","binary_name":"bsdtar"},{"binary_version":"3.2.2-3.1ubuntu0.7+esm2","binary_name":"libarchive-dev"},{"binary_version":"3.2.2-3.1ubuntu0.7+esm2","binary_name":"libarchive-tools"},{"binary_version":"3.2.2-3.1ubuntu0.7+esm2","binary_name":"libarchive13"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2024-20696","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5914","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5916","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5917","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-25724","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}},{"package":{"name":"libarchive","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/libarchive@3.4.0-2ubuntu1.5+esm1?arch=source&distro=esm-infra/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.0-2ubuntu1.5+esm1"}]}],"versions":["3.4.0-1","3.4.0-1build1","3.4.0-1ubuntu2","3.4.0-2ubuntu1","3.4.0-2ubuntu1.1","3.4.0-2ubuntu1.2","3.4.0-2ubuntu1.3","3.4.0-2ubuntu1.4","3.4.0-2ubuntu1.5"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.4.0-2ubuntu1.5+esm1","binary_name":"libarchive-dev"},{"binary_version":"3.4.0-2ubuntu1.5+esm1","binary_name":"libarchive-tools"},{"binary_version":"3.4.0-2ubuntu1.5+esm1","binary_name":"libarchive13"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-5914","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5916","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5917","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}},{"package":{"name":"libarchive","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/libarchive@3.6.0-1ubuntu1.6?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.0-1ubuntu1.6"}]}],"versions":["3.4.3-2","3.4.3-2build1","3.5.2-1","3.5.2-1ubuntu1","3.6.0-1ubuntu1","3.6.0-1ubuntu1.1","3.6.0-1ubuntu1.2","3.6.0-1ubuntu1.3","3.6.0-1ubuntu1.4","3.6.0-1ubuntu1.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.6.0-1ubuntu1.6","binary_name":"libarchive-dev"},{"binary_version":"3.6.0-1ubuntu1.6","binary_name":"libarchive-tools"},{"binary_version":"3.6.0-1ubuntu1.6","binary_name":"libarchive13"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}},{"package":{"name":"libarchive","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/libarchive@3.7.2-2ubuntu0.6?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.2-2ubuntu0.6"}]}],"versions":["3.6.2-1ubuntu1","3.7.2-1ubuntu1","3.7.2-1ubuntu2","3.7.2-1.1ubuntu2","3.7.2-2","3.7.2-2ubuntu0.1","3.7.2-2ubuntu0.2","3.7.2-2ubuntu0.3","3.7.2-2ubuntu0.4","3.7.2-2ubuntu0.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.7.2-2ubuntu0.6","binary_name":"libarchive-dev"},{"binary_version":"3.7.2-2ubuntu0.6","binary_name":"libarchive-tools"},{"binary_version":"3.7.2-2ubuntu0.6","binary_name":"libarchive13t64"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}},{"package":{"name":"libarchive","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/libarchive@3.7.7-0ubuntu3.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.7-0ubuntu3.1"}]}],"versions":["3.7.7-0ubuntu2","3.7.7-0ubuntu2.1","3.7.7-0ubuntu2.2","3.7.7-0ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.7.7-0ubuntu3.1","binary_name":"libarchive-dev"},{"binary_version":"3.7.7-0ubuntu3.1","binary_name":"libarchive-tools"},{"binary_version":"3.7.7-0ubuntu3.1","binary_name":"libarchive13t64"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-5918","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-60753","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2026-4111","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:25.10"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8147-1.json"}}],"schema_version":"1.7.5"}