51 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-55206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in...
DEBIAN-CVE-2026-55195
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...
DEBIAN-CVE-2026-55206
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...
CVE-2026-55195
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...
CVE-2026-55206 py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...
CVE-2026-55206
CVE-2026-55206 (py7zr) affects the Python-based 7z library py7zr. The root cause is an O(n^2) cumulative-sum implementation in PackInfo._read() (archiveinfo.py) that parses attacker-controlled numstreams from archive headers. This causes excessive CPU usage during SevenZipFile.init() before extra...
CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...
CVE-2026-55195
CVE-2026-55195 affects the py7zr Python library (pre-1.1.3) where Worker.decompress() did not track the total decompressed size. A crafted 7z archive (e.g., 15.6 KB) could expand to ~100 MB, causing disk and memory exhaustion during extraction. This is a denial-of-service risk. The issue is fixed...
CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...
openSUSE 16 Security Update : python-py7zr (openSUSE-SU-2026:21159-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21159-1 advisory. Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 -...
Security update for python-py7zr (important)
openSUSE security update: security update for python-py7zr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21159-1 Rating: important References: bsc1268665 bsc1268666 bsc1268669 Cross-References: CVE-2026-23879 CVE-2026-55195 CVE-2026-55206 Affected...
python311-py7zr-1.1.3-1.1 on GA media (moderate)
python311-py7zr-1.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:11112-1 Rating: moderate Cross-References: CVE-2026-23879 CVE-2026-55195 CVE-2026-55206 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security...
CVE-2026-23879
A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...
CVE-2026-23879
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...
DEBIAN-CVE-2026-23879
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...
UBUNTU-CVE-2026-23879
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...
CVE-2026-23879
CVE-2026-23879 relates to py7zr, a Python library for 7z archives. Versions ≤1.1.2 contain an arbitrary file write vulnerability in extractall, where crafted symbolic link chains can bypass destination-directory checks and re-create links to arbitrary system paths. This allows writing files via s...
CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...
CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...
OPENSUSE-SU-2026:11112-1 python311-py7zr-1.1.3-1.1 on GA media
These are all security issues fixed in the python311-py7zr-1.1.3-1.1 package on the GA media of openSUSE Tumbleweed...