Launchpad.net

CVE 2022-26280

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

CVE-2022-26280 (Candidate) is related to these bugs:

Bug #1967127: [FFe] update libarchive to 3.6.0

Summary				In	Importance	Status
	1967127	[FFe] update libarchive to 3.6.0		libarchive (Ubuntu)	Undecided	Fix Released
	1967127	[FFe] update libarchive to 3.6.0		evince (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.