VYPR

7 Zip

by 7 Zip

CVEs (33)

  • CVE-2023-31102Nov 3, 2023
    risk 0.04cvss epss 0.71

    Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.

  • CVE-2025-11001Nov 19, 2025
    risk 0.03cvss epss 0.27

    7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may…

  • CVE-2007-4725Sep 5, 2007
    risk 0.03cvss epss 0.06

    Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.

  • CVE-2022-29072Apr 15, 2022
    risk 0.02cvss epss 0.02

    7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe…

  • CVE-2023-40481May 3, 2024
    risk 0.01cvss epss 0.27

    7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2025-11002Jan 23, 2026
    risk 0.00cvss epss 0.01

    7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may…

  • CVE-2025-55188Aug 8, 2025
    risk 0.00cvss epss 0.01

    7-Zip before 25.01 does not always properly handle symbolic links during extraction.

  • CVE-2025-53817Jul 17, 2025
    risk 0.00cvss epss 0.01

    7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.

  • CVE-2022-47111Apr 19, 2025
    risk 0.00cvss epss 0.00

    7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.

  • CVE-2022-47112Apr 19, 2025
    risk 0.00cvss epss 0.00

    7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

  • CVE-2024-11612Nov 22, 2024
    risk 0.00cvss epss 0.02

    7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may…

  • CVE-2008-6536Mar 30, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).

  • CVE-2005-3051Sep 24, 2005
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block.

Page 2 of 2