CVE-2026-6340

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

CVE-2026-32926

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!loadlinkinf. Opening a crafted V7 file may lead to information disclosure from the affected product...

CVE-2026-32927

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!settemptypedefault. Opening a crafted V7 file may lead to information disclosure from the affected product...

CVE-2026-32929

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!getmacromemCOM. Opening a crafted V7 file may lead to information disclosure from the affected product...

CVE-2026-32929

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!getmacromemCOM. Opening a crafted V7 file may lead to information disclosure from the affected product...

CVE-2026-32926

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!loadlinkinf. Opening a crafted V7 file may lead to information disclosure from the affected product...

PT-2026-29650

CVE-2026-32929 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get macro mem COM. Opening a crafted V7 file may lead to information disclosure from the… https://t.co/VzwAV69g6I...

CVE-2025-47753

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...

SUSE CVE-2015-8922

The readCodersInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted 7z file, related to the 7zfolder struct...

SUSE CVE-2016-1372

ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted 7z file...

DEBIAN-CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

Yi Home Camera Code Execution Vulnerability (CNVD-2018-22813)

Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the firmware update function of the Yi Home Camera 27US 1.8.7.0D. An attacker can cause a CRC conflict by inserting an SD card and exploiting the vulnerability via a specially crafted 7-Zip file, which c...

CVE-2018-3920

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability...

UBUNTU-CVE-2016-1372

ClamAV aka Clam AntiVirus before 0.99.2 allows remote attackers to cause a denial of service application crash via a crafted 7z file...