rpm package
opensuse/p7zip&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/p7zip&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17969 | High | 7.8 | | < 16.02-11.3 | 16.02-11.3 | Jan 30, 2018 | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. |
| CVE-2016-2334 | High | 7.8 | | < 16.02-2.1 | 16.02-2.1 | Dec 13, 2016 | Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. |
| CVE-2016-9296 | High | 7.5 | | < 16.02-2.1 | 16.02-2.1 | Nov 12, 2016 | A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applicat |
| CVE-2016-2335 | High | 8.8 | | < 16.02-2.1 | 16.02-2.1 | Jun 7, 2016 | The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. |
| CVE-2015-1038 | — | | | < 16.02-2.1 | 16.02-2.1 | Jan 21, 2015 | p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. |