3 matches found
CVE-2026-55780
NanaZip (7‑Zip derivative) prior to version 6.5.1749.0 is vulnerable due to its .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp, which sizes the extraction buffer from the bundle entry Size field without validating against the real file size. This allows an attacker...
CVE-2026-26282
NanaZip (open source file archiver) is affected by CVE-2026-26282: an out-of-bounds heap read in the .NET Single File bundle header parser due to a missing bounds check. Affected versions are 5.0.1252.0 through prior to 6.0.1630.0; upgrading to 6.0.1630.0 patches the issue. Exploitation would req...
PT-2026-20927
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in .NET Single File bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user...