18 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-48104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - 7zip - None p7zip - None Ubuntu Linux - Unknown description CVE-2026-48104 Note that Nessus relies on the presence of the package as reported by...
GHSA-CJM8-JXPW-G43M Mattermost doesn't validate 7zip archive structure before processing
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification
pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction...
OPENSUSE-SU-2026:10227-1 python311-py7zr-1.1.0-1.1 on GA media
These are all security issues fixed in the python311-py7zr-1.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
Fedora 44 : 7zip (2025-b5a4903ea0)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b5a4903ea0 advisory. Automatic update for 7zip-25.01-1.fc44. Changelog Wed Nov 26 2025 Michel Lind - 25.01-1 - Update to 25.01 - 25.00+ fixes CVE-2025-11001; Resolves: rhbz241601...
SUSE: Security Advisory (SUSE-SU-2025:3791-1)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2025-11001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
Linux Distros Unpatched Vulnerability : CVE-2025-11002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
OPENSUSE-SU-2025:15523-1 7zip-25.01-1.1 on GA media
These are all security issues fixed in the 7zip-25.01-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...
Vulnerabilities fixed in 7-zip
Vulnerabilities have been fixed in 7-zip. The vulnerabilities are located in the way 7Z and SQFS files are processed and allow a malicious person to execute arbitrary code in the context of the user. Successful exploitation requires the malicious party to trick the victim...
SUSE CVE-2016-8689
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive...
SUSE CVE-2019-1000019
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be...
SUSE CVE-2022-44900
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
GHSA-7HFM-57QF-J43Q Excessive Iteration in Compress
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package...
UBUNTU-CVE-2019-1000019
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be...
DEBIAN-CVE-2016-4300
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...
UBUNTU-CVE-2015-8922
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct...