CVE-2019-7312
Description
Analyzing a Zed container in PRIMX products before specific versions can disclose the plaintext of very small files (a few bytes).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Analyzing a Zed container in PRIMX products before specific versions can disclose the plaintext of very small files (a few bytes).
Vulnerability
A limited plaintext disclosure vulnerability exists in PRIMX Zed! products including Zed Enterprise, Pro, and Free for Windows, Mac, and Linux, as well as ZoneCentral and ZedMail for Windows [1]. The flaw allows the plaintext content of very small files (a few bytes) stored inside a Zed container to be disclosed when analyzing the container [1]. Affected versions include Zed Enterprise for Windows before 6.1.2240 (or before 6.1.2150 for the ANSSI qualification submission), Zed Enterprise for Mac before 2.0.199, Zed Enterprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199 [1].
Exploitation
An attacker with network access to a Zed container can exploit this vulnerability by analyzing the container file [1]. The attack complexity is high, requiring specific conditions, and no user interaction or privileges are required [1]. The exact steps involve analyzing the container to reveal the plaintext of very small files stored within it [1].
Impact
Successful exploitation leads to disclosure of the plaintext content of very small files (a few bytes) stored in the Zed container [1]. The confidentiality impact is low, while integrity and availability are not affected [1]. Encryption keys and user access keys are not compromised [1]. The scope remains unchanged, and the attacker does not gain any additional privileges beyond the file content disclosure [1].
Mitigation
PRIMX has released fixed versions to address this vulnerability [1]. Users should upgrade to the following minimal versions: Zed Enterprise for Windows 6.1.2240 (or 6.1.2150 for the ANSSI qualification submission), Zed Enterprise for Mac 2.0.199, Zed Enterprise for Linux 2.0.199, Zed Pro for Windows 1.0.195, Zed Pro for Mac 1.0.199, Zed Pro for Linux 1.0.199, Zed Free for Windows 1.0.195, Zed Free for Mac 1.0.199, and Zed Free for Linux 1.0.199 [1]. For further assistance, contact support@primx.eu [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <6.1.2240
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.primx.eu/en/bulletins/security-bulletin-19110545mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.