Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 9:16 p.m.7 views

py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

Summary PackInfo.read uses an On^2 cumulative sum pattern where numstreams is read directly from the archive header. A crafted .7z archive with a large numstreams value causes excessive CPU consumption during SevenZipFile.init — no extraction is needed. A 50 KB archive takes 7 seconds of CPU time...

8.7CVSS5.8AI score0.00321EPSS
Exploits0References3Affected Software1
Gitee
Gitee
added 2019/07/18 9:3 a.m.4 views

EQGRP

This repository is an exploit module for the Linux operating system, specifically targeting the 7z file archiver. The exploit is designed to take advantage of a vulnerability in the 7z library, which is used by the 7z file archiver. The vulnerability allows an attacker to execute arbitrary code o...

7.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/17 6:13 a.m.4 views

Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries

Overview 7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files. Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic...

7.8CVSS6.8AI score0.00816EPSS
Exploits0References5
OSV
OSV
added 2016/11/12 2:59 a.m.1 views

DEBIAN-CVE-2016-9296

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause ...

7.5CVSS7.4AI score0.07016EPSS
Exploits1References1
Rows per page
Query Builder