7 Zip

by 7 Zip

CVEs (33)

  • CVE-2016-2335 High Jun 7, 2016
    risk 0.58 cvss 8.8 epss 0.10

    The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

  • CVE-2026-48095 High Jun 5, 2026
    risk 0.57 cvss 8.8 epss 0.01

    7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing attackers to cause arbitrary code execution…

  • CVE-2018-10172 High Apr 16, 2018
    risk 0.57 cvss 8.8 epss 0.00

    7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this…

  • CVE-2023-52168 High Jul 3, 2024
    risk 0.55 cvss 8.4 epss 0.00

    The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

  • CVE-2023-52169 High Jul 3, 2024
    risk 0.53 cvss 8.2 epss 0.01

    The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has…

  • CVE-2016-2334 High Dec 13, 2016
    risk 0.52 cvss 7.8 epss 0.15

    Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

  • CVE-2018-10115 High May 2, 2018
    risk 0.51 cvss 7.8 epss 0.05

    Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

  • CVE-2018-5996 High Jan 31, 2018
    risk 0.51 cvss 7.8 epss 0.03

    Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a…

  • CVE-2017-17969 High Jan 30, 2018
    risk 0.51 cvss 7.8 epss 0.05

    Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

  • CVE-2016-7804 High May 22, 2017
    risk 0.51 cvss 7.8 epss 0.02

    Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2025-53816 High Jul 17, 2025
    risk 0.49 cvss 7.5 epss 0.01

    7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.

  • CVE-2026-48112 Medium Jun 5, 2026
    risk 0.42 cvss 6.5 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style __.SYMDEF symbol…

  • CVE-2026-48101 Medium Jun 5, 2026
    risk 0.42 cvss 6.5 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize (up…

  • CVE-2026-48111 Medium Jun 5, 2026
    risk 0.28 cvss 4.3 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parser (CPP/7zip/Archive/UefiHandler.cpp). The function validates an…

  • CVE-2026-48103 Medium Jun 5, 2026
    risk 0.28 cvss 4.3 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handler's security descriptor lookup. In CHandler::GetSecurity (CPP/7zip/Archive/Wim/WimHandler.cpp), the…

  • CVE-2026-48092 Medium Jun 5, 2026
    risk 0.28 cvss 4.3 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled…

  • CVE-2026-48104 Medium Jun 5, 2026
    risk 0.27 cvss 4.2 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, _blockToNode is allocated with capacity for every metadata…

  • CVE-2026-48102 Low Jun 5, 2026
    risk 0.20 cvss 3.1 epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size <…

  • CVE-2025-0411 KEV Jan 25, 2025
    risk 0.16 cvss epss 0.67

    7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page…

  • CVE-2024-11477 Nov 22, 2024
    risk 0.04 cvss epss 0.22

    7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack…
