In p7zip-17.03, the function NCompress::CCopyCoder::Code in CPP/7zip/Common/StreamObjects.cpp will call outStream->Write where a memcpy uses a NULL pointer as destination address, leading to a crash (CVE-2021-3465). Null pointer dereference in function Reserve() found in p7zip 16.02 (rhbz#1951218). Null Pointer Dereference in function NArchive::NLzh::CItem::GetUnixTime found in p7zip 16.02 (rhbz#1951224). The p7zip package has been patched to fix these issues. Also, the Mageia 7 package has been updated to version 17.03.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | p7zip | < 17.03-1.1 | p7zip-17.03-1.1.mga7 |
Mageia | 8 | noarch | p7zip | < 17.03-1.1 | p7zip-17.03-1.1.mga8 |