34 matches found
Astra Linux – Vulnerability in p7zip
7-ZIP ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected 7-ZIP installations. Interaction with this product is required to exploit this vulnerability, but the attack vectors may vary depending ...
CVE-2026-48103
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handler's security descriptor lookup. In CHandler::GetSecurity (CPP/7zip/Archive/Wim/WimHandler.cpp), the per-image SecurOffsets table...
CVE-2026-48102
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size 38 + idLen + impLen and...
Astra Linux – Vulnerability in p7zip
7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...
PT-2026-46964
Name of the Vulnerable Software and Affected Versions: 7-Zip versions 9.34 through 26.00. Description: A heap memory disclosure exists in 32-bit builds where a 32-bit integer overflow occurs in the SquashFS ReadBlock function. This allows an attacker-controlled node.Offset value to bypass fragment...
7-Zip Directory Traversal / Code Execution
7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...
Astra Linux – Vulnerability in p7zip-rar
7-Zip is a file archiver with a high compression ratio. Writing zeros outside the heap buffer in the RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to version 25.0.0. Version 25.0.0 contains a fix for this issue...
Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option
A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an...
Exploit for CVE-2025-11001
🔥 CVE-2025-11001: Critical 7-Zip RCE Vulnerability 🔥...
EUVD-2025-24018
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-53816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service i...
SUSE CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction...
Exploit for Link Following in 7-Zip
CVE-2025-55188-7z-exploit --- 7-Zip Symlink Arbitrary File...
CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction...
KLA86580 SB vulnerability in 7-Zip
An insufficient validation vulnerability was found in 7-Zip. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories: CVE-2025-55188. Related products: 7-Zip. CVE list: CVE-2025-55188 (warning). Solution: Update to the latest version (Download 7-Zip). Impacts: SB...
CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction...
PT-2025-32410
Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 25.01. Description: An issue exists in 7-Zip where symbolic links are not always properly handled during the extraction of archives. This flaw allows a remote attacker to use a specially crafted archive to perform arbitra...
A vulnerability in the NArchive::NCom::CHandler::GetStream method of the 7-Zip archive processor’s Compound component allows an attacker to cause a service failure.
The vulnerability in the NArchive::NCom::CHandler::GetStream method of the 7-Zip compressor’s Compound archive handler is related to pointer swapping errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
7-Zip Security Vulnerability
7-Zip is open-source compression software. A security vulnerability exists in versions prior to 7-Zip 25.0.0 that originates from writing zero values outside the heap buffer in the RAR5 handler, which could result in memory corruption and a denial of service...
VulnCheck KEV: CVE-2025-0411
7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...