7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
INTRODUCTION: In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of weaponizing this vulnerability and creating a fully working...
7zip NArchive::NHfs::CHandler::ExtractZlibFile method heap buffer overflow vulnerability
7-Zip is a free, open source compression/decompression software. A heap buffer overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7-Zip 32 15.05 beta and 64 9.20. An attacker can exploit this vulnerability to execute arbitrary code...
7Zip UDF CInArchive::ReadFileItem Code Execution Vulnerability
7Zip is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:7-zip:7-zip"; if(description)...
CVE-2016-2335
7-Zip/p7zip vulnerability CVE-2016-2335 affects the CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp for 7zip 9.20 and 15.05 beta, enabling out-of-bounds read and potential code execution via the PartitionRef in the Long Allocation Descriptor of a UDF file. Connected advisories confirm a ...