3 matches found
CVE-2026-55206
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...
openSUSE 16 Security Update : python-py7zr (openSUSE-SU-2026:21159-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21159-1 advisory. Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 -...
OPENSUSE-SU-2026:21159-1 Security update for python-py7zr
This update for python-py7zr fixes the following issues: Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 - CVE-2026-55195: unchecked extraction size can cause a denial of service bsc1268665 -...