Lucene search
K

29 matches found

NVD
NVD
added last week7 views

CVE-2026-55206

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS0.00321EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-42295

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:16 p.m.2 views

CVE-2026-20215

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

7.5CVSS6.1AI score
Exploits0References1
OSV
OSV
added 2026/06/23 12:46 p.m.2 views

OPENSUSE-SU-2026:21038-1 Security update for 7zip

This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...

8.8CVSS6.4AI score0.00938EPSS
Exploits8References16
GithubExploit
GithubExploit
added 2026/06/20 3:43 a.m.124 views

ghidra-12.1.2-rce-ace-calc-poc

Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...

6.5AI score
Exploits0
OSV
OSV
added 2026/06/19 9:16 p.m.7 views

GHSA-H4GH-22QQ-72R7 py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

Summary PackInfo.read uses an On^2 cumulative sum pattern where numstreams is read directly from the archive header. A crafted .7z archive with a large numstreams value causes excessive CPU consumption during SevenZipFile.init — no extraction is needed. A 50 KB archive takes 7 seconds of CPU time...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 5:12 p.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ParseLibSymbols function when parsing a BSD-style .SYMDEF symbol table. An attacker can access sensitive information from uninitialized heap memory by providing a specially crafted Unix ar archive...

7.1CVSS5.4AI score0.00267EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/05 4:46 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SquashFS ReadBlock function. An attacker can cause disclosure of heap memory contents by providing a specially crafted SquashFS archive with a manipulated node.Offset value, which bypasses fragment bounds check...

8.1CVSS5.4AI score0.00324EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/05 4:14 p.m.15 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NTFS handler that miscalculates compression-unit buffer size in GetCuSize function. An attacker can achieve arbitrary code execution or application crash by sending data with specially crafted...

8.8CVSS6.4AI score0.00938EPSS
Exploits1References4
CVE
CVE
added 2026/06/05 3:56 p.m.34 views

CVE-2026-48104

7-Zip (versions 9.18–26.00) contains an uninitialized heap read in the SquashFS archive handler. A sparsely populated index array causes _blockToNode to be allocated for all metadata blocks but only populated when an inode crosses a block boundary; images with few inodes spanning many blocks leav...

4.2CVSS5.5AI score0.00179EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by...

4.2CVSS6.1AI score0.00179EPSS
Exploits1References3
OSV
OSV
added 2026/05/18 9:31 a.m.12 views

GHSA-CJM8-JXPW-G43M Mattermost doesn't validate 7zip archive structure before processing

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 1:45 a.m.27 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/02/19 12:0 a.m.3 views

OPENSUSE-SU-2026:10227-1 python311-py7zr-1.1.0-1.1 on GA media

These are all security issues fixed in the python311-py7zr-1.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.8 views

Fedora 44 : 7zip (2025-b5a4903ea0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b5a4903ea0 advisory. Automatic update for 7zip-25.01-1.fc44. Changelog Wed Nov 26 2025 Michel Lind - 25.01-1 - Update to 25.01 - 25.00+ fixes CVE-2025-11001; Resolves: rhbz241601...

7.8CVSS7.3AI score0.27017EPSS
Exploits11References2
OpenVAS
OpenVAS
added 2025/10/27 12:0 a.m.3 views

SUSE: Security Advisory (SUSE-SU-2025:3791-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.8AI score0.00614EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-11002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

7.8CVSS7.7AI score0.00517EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-11001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

7.8CVSS7.7AI score0.27017EPSS
Exploits11References2
OSV
OSV
added 2025/09/05 12:0 a.m.5 views

OPENSUSE-SU-2025:15523-1 7zip-25.01-1.1 on GA media

These are all security issues fixed in the 7zip-25.01-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.1AI score0.00635EPSS
Exploits2References2
Rows per page
Query Builder