Page 2 of 12 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. Desbordamiento de búfer basado en memoria dinámica (heap) en el método NCompress::NShrink::CDecoder::CodeReal en 7-Zip, en versiones anteriores a la 18.00 y en p7zip permite que atacantes remotos provoquen una denegación de servicio (escritura fuera de límites) o que ejecuten código arbitrario mediante un archivo ZIP manipulado. • http://www.securitytracker.com/id/1040831 https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip https://lists.debian.org/debian-lts-announce/2018/02/msg00003.html https://usn.ubuntu.com/3913-1 https://www.debian.org/security/2018/dsa-4104 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no fiable en 7 Zip para Windows 16.02 y anteriores permite a los atacantes conseguir privilegios utilizando un archivo DLL troyano en un directorio no especificado. • http://jvndb.jvn.jp/jvndb/JVNDB-2016-000211 http://www.7-zip.org/history.txt https://jvn.jp/en/jp/JVN76780067/index.html • CWE-426: Untrusted Search Path •

CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 3

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. Desbordamiento de búfer basado en memoria dinámica en el método NArchive::NHfs::CHandler::ExtractZlibFile en 7zip en versiones anteriores a 16.00 y p7zip permite a atacantes remotos ejecutar código arbitrario a través de una imagen HFS+ manipulada. • https://github.com/icewall/CVE-2016-2334 http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/90531 http://www.securitytracker.com/id/1035876 http://www.talosintel.com/reports/TALOS-2016-0093 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 2

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. El método CInArchive::ReadFileItem en Archive/Udf/UdfIn.cpp en 7zip 9.20 y 15.05 beta y p7zip permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o ejecutar código arbitrario a través de un archivo PartitionRef en Long Allocation Descriptor en un archivo UDF. • http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00098.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html http://www.debian.org/security/2016/dsa-3599 http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/90531 http://www.securitytracker.com/id/1035876 http://www.talosintel • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0

Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10). Vulnerabilidad sin especificar en 7-zip anterior a v4.5.7 tiene un impacto y vectores de ataque desconocidos, como se ha demostrado mediante la suite para el testeo de formatos de archivo PROTOS GENOME (c10) • http://osvdb.org/43649 http://secunia.com/advisories/29434 http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive http://www.securityfocus.com/bid/28285 http://www.vupen.com/english/advisories/2008/0914/references http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/41247 •