CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47112
https://notcve.org/view.php?id=CVE-2022-47112
19 Apr 2025 — 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected. 7-Zip 22.01 no reporta errores para ciertos archivos xz no válidos, relacionados con indicadores de flujo y bits reservados. Algunas versiones posteriores no se ven afectadas. • https://github.com/boofish/semantic-bugs • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47111
https://notcve.org/view.php?id=CVE-2022-47111
19 Apr 2025 — 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected. 7-Zip 22.01 no reporta errores para ciertos archivos xz no válidos, relacionados con indicadores de bloque y bits reservados. Algunas versiones posteriores no se ven afectadas. • https://github.com/boofish/semantic-bugs • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.0EPSS: 32%CPEs: 1EXPL: 10CVE-2025-0411 – 7-Zip Mark of the Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0411
19 Jan 2025 — 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted fil... • https://packetstorm.news/files/id/188804 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11612 – 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-11612
21 Nov 2024 — 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. • https://www.zerodayinitiative.com/advisories/ZDI-24-1606 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 32%CPEs: 1EXPL: 1CVE-2024-11477 – 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11477
20 Nov 2024 — 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer und... • https://github.com/TheN00bBuilder/cve-2024-11477-writeup • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-52168 – Ubuntu Security Notice USN-7438-1
https://notcve.org/view.php?id=CVE-2023-52168
03 Jul 2024 — The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene un desbordamiento de búfer basado en montón que permite a un atacante sobrescribir dos bytes en múltiples desplazamientos más allá del tamaño de búfer asignado: búfer+512*i-2, para i =... • http://www.openwall.com/lists/oss-security/2024/07/03/10 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2023-40481 – 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40481
23 Aug 2023 — 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocate... • https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 35%CPEs: 4EXPL: 0CVE-2023-31102 – 7-Zip 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-31102
23 Aug 2023 — Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. 7-Zip hasta 22.01 en Linux permite un desbordamiento de números enteros y la ejecución de código a través de un archivo 7Z manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with... • https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47069
https://notcve.org/view.php?id=CVE-2022-47069
22 Aug 2023 — p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. • https://sourceforge.net/p/p7zip/bugs/241 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 15%CPEs: 2EXPL: 7CVE-2022-29072
https://notcve.org/view.php?id=CVE-2022-29072
15 Apr 2022 — 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur **EN DISPUTA** 7-Zip hasta la versión 21.07 en Windows permite la escalada de privilegios y la ejecución de comandos cuando se arrastra un archivo... • https://github.com/kagancapar/CVE-2022-29072 • CWE-787: Out-of-bounds Write •