Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-26T16:07:55 libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CWE-787

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.

This heap buffer overflow in libsolv's page decompression logic can lead to out-of-bounds reads and writes when processing specially crafted `.solv` files. Exploitation requires a victim application to ingest malicious repository metadata, limiting the attack vector to scenarios involving user interaction or untrusted content sources. Given the user interaction needed, Red Hat Product Security has rated this vulnerability as having a impact of Moderate. This issue was discovered by Found by AISLE in partnership with Red Hat. Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Hardened Images 2026-05-27T00:00:00Z RHSA-2026:21333 libsolv-main-0.7.38-2.hum1 Red Hat Enterprise Linux 10 Affected libsolv Red Hat Enterprise Linux 7 Affected libsolv Red Hat Enterprise Linux 8 Affected libsolv Red Hat Enterprise Linux 9 Affected libsolv Red Hat OpenShift Container Platform 4 Affected rhcos Red Hat Satellite 6 Affected satellite-capsule:el8/libsolv Red Hat Update Infrastructure 4 for Cloud Providers Affected libsolv https://www.cve.org/CVERecord?id=CVE-2026-48864 https://nvd.nist.gov/vuln/detail/CVE-2026-48864