CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47069
https://notcve.org/view.php?id=CVE-2022-47069
22 Aug 2023 — p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. • https://sourceforge.net/p/p7zip/bugs/241 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 1CVE-2018-5996
https://notcve.org/view.php?id=CVE-2018-5996
31 Jan 2018 — Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. Una gestión insuficiente de excepciones en el método NCompress::NRar3::CDecoder::Code en 7-Zip, en versiones anteriores a la 18.00, y en p7zip puede conducir a múltiples corrupciones de memoria en el código PPMd,... • http://www.securitytracker.com/id/1040831 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 5EXPL: 1CVE-2017-17969 – Debian Security Advisory 4104-1
https://notcve.org/view.php?id=CVE-2017-17969
30 Jan 2018 — Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. Desbordamiento de búfer basado en memoria dinámica (heap) en el método NCompress::NShrink::CDecoder::CodeReal en 7-Zip, en versiones anteriores a la 18.00 y en p7zip permite que atacantes remotos provoquen una denegación de servicio (escritura fuera de límites... • http://www.securitytracker.com/id/1040831 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2016-9296
https://notcve.org/view.php?id=CVE-2016-9296
12 Nov 2016 — A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files. Un error de referencia al puntero NULL afecta a la versión 16.02 y muchas versiones anteriores de p7zip. Una falta de comprobación de puntero null pa... • http://www.securityfocus.com/bid/94294 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 2CVE-2015-1038 – Debian Security Advisory 3289-1
https://notcve.org/view.php?id=CVE-2015-1038
21 Jan 2015 — p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. p7zip 9.20.1 permite a atacantes remotos escribir a ficheros arbitrarios a través de un ataque de enlace simbólico en un archivo. Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside t... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173245.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •