5 matches found
Fedora 43 : 7zip (2025-b6422d64f9)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b6422d64f9 advisory. Various CVE fixes, most importantly CVE-2025-11001. This also backports the Debian patch PR unfortunately stalled upstream, with no communication fro...
SUSE CVE-2022-47112
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected...
PT-2025-17393 · 7 Zip +3 · 7-Zip +2
Name of the Vulnerable Software and Affected Versions: 7-Zip versions 22.01 through 24.09. Description: The issue involves 7-Zip not reporting an error for certain invalid xz files, specifically those with issues related to stream flags and reserved bits. Recommendations: For versions 22.01 throug...
UBUNTU-CVE-2023-31102
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive...
OESA-2021-1302 apache-commons-compress security update
The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. Security Fixes: When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error...