The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
[
{
"cpes": [
"cpe:2.3:a:7-zip:7zip:*:*:*:*:*:*:*:*"
],
"vendor": "7-zip",
"product": "7zip",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "24.01",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]