HighPublic exploit

Out-of-bounds access in libarchive RAR parser

IdentifiersCVE-2024-48958CWE-125· Out-of-bounds Read

CVE-2024-48958 is an out-of-bounds access vulnerability in libarchive, specifically in the execute_filter_delta function in archive_read_support_format_rar.c in versions before 3.7.5. When libarchive processes a crafted RAR archive, incorrect bounds handling can allow the src pointer to move beyond dst, resulting in an out-of-bounds memory access during archive parsing. The issue is triggered by malicious archive content and affects software that relies on vulnerable libarchive code for handling RAR files.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause a crash or other abnormal process behavior due to invalid memory access while parsing a malicious RAR archive. Depending on the consuming application and runtime conditions, the bug may also expose process memory contents or contribute to further memory corruption impacts. The provided content identifies it as an out-of-bounds access issue in file parsing logic.

Mitigation

If you can’t patch tonight, do this now.

Until patches can be applied, avoid processing untrusted or externally supplied RAR archives with software linked against vulnerable libarchive versions. Disable RAR handling where feasible, isolate archive-processing workflows in sandboxes or low-privilege contexts, and use file-type filtering or content inspection to reduce exposure to malicious archive files.

Remediation

Patch, then assume compromise.

Upgrade libarchive to version 3.7.5 or later, where the vulnerability is fixed. For downstream products that bundle or statically link libarchive, apply the vendor-provided security update that incorporates the patched libarchive version. Apple indicates this issue was addressed in its affected products through security updates that include the upstream fix.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

LibarchiveLibarchiveapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

apple supportNews

Jan 25, 2026

About the security content of visionOS 2.4 - Apple Support

An input validation vulnerability in open source code affecting Apple software (including Apple Vision Pro), with the CVE assigned by a third party.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4