CVE-2026-48104 GHSL-2026-120: 7-Zip SquashFS BlockToNode uninitialized heap read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

CVE-2026-48095 GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

EUVD-2026-34838

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

CVE-2026-48092

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass...

OPENSUSE-SU-2026:10942-1 7zip-26.01-1.1 on GA media

These are all security issues fixed in the 7zip-26.01-1.1 package on the GA media of openSUSE Tumbleweed...

MediaArea heap-based buffer overflow vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed four vulnerabilities in MediaArea MediaInfoLib library. The vulnerabilities mentioned in this blog post have been patched by their respective vendor, in adherence to Cisco 's third-party vulnerability disclosure policy. For...

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the Channel Splitting functionality of MediaInfoLib versions: 26.01. A specially crafted .riff file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Confirmed Vulnerable...

CVE-2026-7712 MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...