CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2025-11001 – 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-11001
07 Oct 2025 — 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. • https://packetstorm.news/files/id/211932 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-11002 – 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-11002
07 Oct 2025 — 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. • https://www.zerodayinitiative.com/advisories/ZDI-25-950 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55188
https://notcve.org/view.php?id=CVE-2025-55188
08 Aug 2025 — 7-Zip before 25.01 does not always properly handle symbolic links during extraction. • https://github.com/ip7z/7zip/compare/25.00...25.01 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47112
https://notcve.org/view.php?id=CVE-2022-47112
19 Apr 2025 — 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected. 7-Zip 22.01 no reporta errores para ciertos archivos xz no válidos, relacionados con indicadores de flujo y bits reservados. Algunas versiones posteriores no se ven afectadas. • https://github.com/boofish/semantic-bugs • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47111
https://notcve.org/view.php?id=CVE-2022-47111
19 Apr 2025 — 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected. 7-Zip 22.01 no reporta errores para ciertos archivos xz no válidos, relacionados con indicadores de bloque y bits reservados. Algunas versiones posteriores no se ven afectadas. • https://github.com/boofish/semantic-bugs • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.0EPSS: 52%CPEs: 1EXPL: 10CVE-2025-0411 – 7-Zip Mark of the Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-0411
19 Jan 2025 — 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted fil... • https://packetstorm.news/files/id/188804 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11612 – 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-11612
21 Nov 2024 — 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. • https://www.zerodayinitiative.com/advisories/ZDI-24-1606 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 43%CPEs: 1EXPL: 1CVE-2024-11477 – 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11477
20 Nov 2024 — 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer und... • https://github.com/TheN00bBuilder/cve-2024-11477-writeup • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-52168 – Ubuntu Security Notice USN-7438-1
https://notcve.org/view.php?id=CVE-2023-52168
03 Jul 2024 — The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene un desbordamiento de búfer basado en montón que permite a un atacante sobrescribir dos bytes en múltiples desplazamientos más allá del tamaño de búfer asignado: búfer+512*i-2, para i =... • http://www.openwall.com/lists/oss-security/2024/07/03/10 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 0CVE-2023-40481 – 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40481
23 Aug 2023 — 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocate... • https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269 • CWE-787: Out-of-bounds Write •