7 Zip
by 7 Zip
CVEs (33)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-31102 | 0.04 | — | 0.71 | Nov 3, 2023 | Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. |
| CVE-2025-11001 | 0.03 | — | 0.27 | Nov 19, 2025 | 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may… |
| CVE-2007-4725 | 0.03 | — | 0.06 | Sep 5, 2007 | Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow. |
| CVE-2022-29072 | 0.02 | — | 0.02 | Apr 15, 2022 | 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe… |
| CVE-2023-40481 | 0.01 | — | 0.27 | May 3, 2024 | 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit… |
| CVE-2025-11002 | 0.00 | — | 0.01 | Jan 23, 2026 | 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may… |
| CVE-2025-55188 | 0.00 | — | 0.01 | Aug 8, 2025 | 7-Zip before 25.01 does not always properly handle symbolic links during extraction. |
| CVE-2025-53817 | 0.00 | — | 0.01 | Jul 17, 2025 | 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix for the issue. |
| CVE-2022-47111 | 0.00 | — | 0.00 | Apr 19, 2025 | 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected. |
| CVE-2022-47112 | 0.00 | — | 0.00 | Apr 19, 2025 | 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected. |
| CVE-2024-11612 | 0.00 | — | 0.02 | Nov 22, 2024 | 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may… |
| CVE-2008-6536 | 0.00 | — | 0.03 | Mar 30, 2009 | Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10). |
| CVE-2005-3051 | 0.00 | — | 0.06 | Sep 24, 2005 | Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block. |
Page 2 of 2