A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.10-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.11-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.12-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.13-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.14-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.15-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.16-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.17-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.5-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |
Alpine | 3.6-main | noarch | p7zip | < 16.02-r1 | UNKNOWN |