5 matches found
CVE-2022-47069
CVE-2022-47069 affects p7zip 16.02, with a heap-buffer-overflow in NArchive::NZip::CInArchive::FindCd(bool) (ZipIn.cpp). Several connected sources reiterate this vulnerability and reference a patch path via updates to p7zip (e.g., p7zip 16.02 packages in Amazon Linux Alpine advisories and CNVS re...
CVE-2017-17969
CVE-2017-17969 affects p7zip (7‑zip port) via a heap-based buffer overflow in NCompress::NShrink::CDecoder::CodeReal, exploitable when processing a crafted ZIP archive. The Debian advisory confirms a remote attacker can cause denial of service or potentially execute arbitrary code with the user’s...
CVE-2018-5996
The CVE-2018-5996 entry affects 7-Zip (and p7zip) with a flaw in NCompress::NRar3::CDecoder::Code prior to version 18.00 that allows remote attackers to trigger memory corruptions in the PPMd code via a crafted RAR archive, potentially causing a denial of service or arbitrary code execution. Conn...
CVE-2016-9296
The CVE-2016-9296 issue affects p7zip 16.02 and older, caused by a null pointer dereference in CInArchive::ReadAndDecodePackedStreams (CPP/7zip/Archive/7z/7zIn.cpp) used by the 7z.so library and 7z apps. This can crash and trigger a denial of service when decoding malformed 7z files. Remediation ...
CVE-2015-1038
CVE-2015-1038 affects p7zip and is due to a directory traversal via a symlink attack during archive extraction, enabling writes to arbitrary files. The issue is addressed in multiple distributions (e.g., Fedora 22/23 updates; SUSE/openSUSE/SLE S12/SLES12 updates; Mageia/Debian DSA-3289; OpenSUSE ...