CVE-2016-2334

Published: 13/12/2016 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip prior to 16.00 and p7zip allows remote malicious users to execute arbitrary code via a crafted HFS+ image.

Vulnerable Product

7-zip 7-zip

fedoraproject fedora 24

fedoraproject fedora 23

oracle solaris

Vendor Advisories

Debian Bug report logs - #824160 p7zip: CVE-2016-2334 CVE-2016-2335
Package: src:p7zip; Maintainer for src:p7zip is Robert Luberda <robert@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 13 May 2016 05:06:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in versions ...

Github Repositories

Instructions for building packages for ROSA. Created by the community. Commits are welcome. For visual Markdown editing we recommend the Remarkable editor: https://remarkableapp.github.io/linux.html

BUILDING AND UPDATING PROGRAMS IN "ROSA Linux" (Teaching materials) Russia, 2017. Author: Vladimir Sharonin. Introduction. "First attempt". "Do it yourself": a Howto for those who want to update programs in ROSA. Запро

Exploiting CVE-2016-2334 7zip HFS+ vulnerability

hfsGenerator.py: Script used to generate HFS+ file

heap.js: WinDbg js script

After loading script, set up allocation hook in the following way:

bp ntdll!RtlAllocateHeap "pt \"dx Debugger.State.Scripts.heap.Contents.handleRtlHeapAlloc();g\""

Next you can list heap chunks with information about allocated there