120 matches found
CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
Directory Traversal
Overview org.webjars.npm:decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal and link following during archive extraction, where symlink and hardlink entries are created without checking their targets and the...
[SECURITY] Fedora 43 Update: 7zip-26.02-1.fc43
7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...
[SECURITY] Fedora 44 Update: 7zip-26.02-1.fc44
7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...
RHEL 9 : libarchive (RHSA-2026:24383)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24383 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...
CVE-2026-44604
CVE-2026-44604 affects the RPM rpmuncompress utility. The vulnerability arises when extracting ZIP, 7z, or GEM archives to a destination directory: the archive’s top-level folder name is inserted into a shell command without proper sanitization, allowing a crafted archive with shell metacharacter...
CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
[SECURITY] Fedora 44 Update: libarchive-3.8.7-1.fc44
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
[SECURITY] Fedora 44 Update: libarchive-3.8.6-1.fc44
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
CVE-2026-3219
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
libarchive security update
An update is available for libarchive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libarchive programming library can create and read several different...
OpenClaw 安全漏洞
OpenClaw is a tool for working with archived files. A denial of service vulnerability exists in OpenClaw. An attacker can exploit this vulnerability to exhaust CPU, memory, and disk resources via a highly inflated ZIP/TAR archive file, resulting in service degradation or system unavailability...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extractArchive function in src/infra/archive.ts. An attacker can cause excessive resource consumption by submitting specially...
CVE-2026-24846
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
Function Call With Incorrect Order of Arguments
Overview Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments via the handleSymlink function. An attacker can create symlinks outside the intended extraction directory by providing a specially crafted tar or deb archive that exploits argument confusi...
EUVD-2005-3193
Malware in sbrugna...
EUVD-2006-2520
Malware in sbrugna...
EUVD-2010-1453
Malware in sbrugna...
EUVD-2008-7103
Malware in sbrugna...