CVE-2024-48957
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-48957 is a vulnerability in libarchive versions prior to 3.7.5. The flaw is in the execute_filter_audio function in archive_read_support_format_rar.c, where a crafted archive file can cause out-of-bounds access. Affected products include a variety of software and libraries that use libarchive, and the risk is rated high because of the potential integrity and confidentiality impacts. Remediation is to update to libarchive 3.7.5 or later, as detailed in the patches available on GitHub. Exploitation requires local user interaction, and the exploitability score is 1.8: the flaw is not trivial to exploit, but it remains a significant security concern for organizations using the affected products. Successful exploitation could lead to severe consequences, including unauthorized data access or system instability.