编号撤回

cross-zip is a cross-platform zip file creation tool by the individual developer Feross Aboukhadijeh. This CVE number has been withdrawn...

SUSE CVE-2022-47069

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur...

The vulnerability of the SQFS file analyzer of the 7-Zip compressor allows a hacker to execute arbitrary code.

The vulnerability of the SQFS-file analyzer of the 7-Zip compressor is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by causing the user to open malicious links or files...

SUSE CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...

SUSE CVE-2016-9296

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause ...

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container leading to denial of service (resource consumption) aka a "better zip bomb" issue.

...

AZL-6784 CVE-2018-5996 affecting package p7zip for versions less than 16.02-22

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...