2 matches found
CVE-2026-47222 NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a...
CVE-2026-47222
NanaZip (derivative of 7-Zip) contains a heap out-of-bounds read in the AVB vbmeta image parser (via AvbHandler) affecting versions 3.0.1000.0 through before 6.0.1698.0. An unsigned integer underflow in a bounds check lets attacker-controlled value_num_bytes pass validation, causing AddNameToStri...