14 matches found
CVE-2026-48102
A flaw was found in 7-Zip. A remote attacker could exploit a heap out-of-bounds read vulnerability in the UDF (Universal Disk Format) disc image handler by tricking a user into opening a specially crafted UDF image file. This could lead to limited information disclosure, where an attacker might gai...
CVE-2026-48102 GHSL-2026-118: 7-Zip UDF Field OOB Read
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size 38 + idLen + impLen and...
CVE-2026-48102
7-Zip (versions 9.11–26.00) contains a heap out-of-bounds read in the UDF disc image handler (File Identifier Descriptor parser). In CFileId::Parse, after validating size and advancing to 38 + impLen + idLen, an alignment-padding loop reads up to 3 bytes past the end when (38 + impLen + idLen) % ...
CVE-2026-48102
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size 38 + idLen + impLen and...
7-Zip Buffer Error Vulnerability
7-Zip is an open-source compression software developed by 7-Zip. Versions 9.11 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from the File Identifier Descriptor parser in the UDF disc image processor, where a heap out-of-bounds read occurs, potentially leading t...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000842)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000842 advisory. The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000750)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000750 advisory. The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denia...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002527)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002527 advisory. The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002013)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002013 advisory. The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denia...
AZL-27387 CVE-2023-37454 affecting package kernel 5.15.200.1-1
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this...
SUSE CVE-2014-9729
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image...
SUSE CVE-2014-9730
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image...
kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in the way the user triggers the udf_file_write_iter function for a malicious UDF image. This flaw allows a local user to crash the system...
UBUNTU-CVE-2014-9729
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image...