Search CVE reports
1 – 10 of 23 results
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
2 affected packages
7zip, p7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Needs evaluation | Needs evaluation | — | — |
| p7zip | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0...
1 affected package
7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Needs evaluation | Needs evaluation | — | — |
7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for...
1 affected package
7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Needs evaluation | Needs evaluation | — | — |
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this...
2 affected packages
p7zip, 7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| p7zip | Not affected | Not affected | Not affected | Not affected |
| 7zip | Not affected | Not affected | Not in release | — |
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to...
2 affected packages
7zip, p7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Vulnerable | Vulnerable | Not in release | — |
| p7zip | Not affected | Vulnerable | Vulnerable | Vulnerable |
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is...
2 affected packages
7zip, p7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Not affected | Not affected | Not in release | — |
| p7zip | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 3
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a...
1 affected package
7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Fixed | Fixed | Not in release | — |
Some fixes available 2 of 3
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9,...
1 affected package
7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Fixed | Fixed | Not in release | — |
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit...
1 affected package
7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Not affected | Needs evaluation | Not in release | Ignored |
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
1 affected package
7zip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| 7zip | Not affected | Needs evaluation | Not in release | Ignored |