CVE-2016-2335

Published: 07/06/2016 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote malicious users to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

Vulnerable Product

opensuse opensuse 13.2

debian debian linux 8.0

debian debian linux 9.0

7-zip 7-zip 9.20

7-zip 7-zip 15.05

Vendor Advisories

p7zip could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Bug report logs - #824160 p7zip: CVE-2016-2334 CVE-2016-2335 Package: src:p7zip; Maintainer for src:p7zip is Robert Luberda <robert@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 13 May 2016 05:06:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in versions ...
Marcin Icewall Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zi ...

Github Repositories

Instructions for building packages for ROSA. Created by the community. Commits are welcome. For visual Markdown editing we recommend the Remarkable editor: https://remarkableapp.github.io/linux.html

BUILDING AND UPDATING PROGRAMS IN "ROSA Linux" OS (Teaching materials) Russia, 2017 Author: Vladimir Sharonin Introduction "First attempt" "Do it yourself": a Howto for those who want to update programs in ROSA Запро