Lucene search
+L
7-zipP7zip

5 matches found

CVE
CVE
added 2023/08/22 12:0 a.m.251 views

CVE-2022-47069

CVE-2022-47069 affects p7zip 16.02, with a heap-buffer-overflow in NArchive::NZip::CInArchive::FindCd(bool) (ZipIn.cpp). Several connected sources reiterate this vulnerability and reference a patch path via updates to p7zip (e.g., p7zip 16.02 packages in Amazon Linux Alpine advisories and CNVS re...

7.8CVSS7.6AI score0.00298EPSS
CVE
CVE
added 2018/01/30 4:0 p.m.179 views

CVE-2017-17969

CVE-2017-17969 affects p7zip (7‑zip port) via a heap-based buffer overflow in NCompress::NShrink::CDecoder::CodeReal, exploitable when processing a crafted ZIP archive. The Debian advisory confirms a remote attacker can cause denial of service or potentially execute arbitrary code with the user’s...

7.8CVSS8AI score0.04938EPSS
CVE
CVE
added 2018/01/31 6:0 p.m.148 views

CVE-2018-5996

The CVE-2018-5996 entry affects 7-Zip (and p7zip) with a flaw in NCompress::NRar3::CDecoder::Code prior to version 18.00 that allows remote attackers to trigger memory corruptions in the PPMd code via a crafted RAR archive, potentially causing a denial of service or arbitrary code execution. Conn...

7.8CVSS7.7AI score0.02851EPSS
CVE
CVE
added 2016/11/12 2:19 a.m.92 views

CVE-2016-9296

The CVE-2016-9296 issue affects p7zip 16.02 and older, caused by a null pointer dereference in CInArchive::ReadAndDecodePackedStreams (CPP/7zip/Archive/7z/7zIn.cpp) used by the 7z.so library and 7z apps. This can crash and trigger a denial of service when decoding malformed 7z files. Remediation ...

7.5CVSS7.2AI score0.07016EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.85 views

CVE-2015-1038

CVE-2015-1038 affects p7zip and is due to a directory traversal via a symlink attack during archive extraction, enabling writes to arbitrary files. The issue is addressed in multiple distributions (e.g., Fedora 22/23 updates; SUSE/openSUSE/SLE S12/SLES12 updates; Mageia/Debian DSA-3289; OpenSUSE ...

5.8CVSS6.5AI score0.03291EPSS