Amazon Linux 2023 : p7zip, p7zip-plugins (ALAS2023-2024-705)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-705 advisory. The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buff...

CVE-2023-52168

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512i-2, for i=9, i=10, i=11, etc...

CVE-2023-52169

CVE-2023-52169 affects 7-Zip NTFS handling: the NtfsHandler.cpp reads beyond allocated buffers, which could cause information disclosure by presenting extra bytes as part of a filename in a file system image. The vulnerability is in 7-Zip before version 24.01 (for 7zz) and has been acknowledged i...

CVE-2023-52168

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512i-2, for i=9, i=10, i=11, etc...