CVE-2017-17969

Published: 30/01/2018 Updated: 21/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip prior to 18.00 and p7zip allows remote malicious users to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

Vulnerable Product

7-zip 7-zip

7-zip p7zip

debian debian linux 9.0

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

p7zip could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Bug report logs - #888297 p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow Package: p7zip; Maintainer for p7zip is Robert Luberda <robert@debian.org>; Source for p7zip is src:p7zip (PTS, buildd, popcon) Reported by: Gregor Riepl <onitake@gmail.com> Date: Wed, 24 Jan 2018 18:48:01 UTC Severity: grave Ta ...
Debian Bug report logs - #888314 p7zip-rar: CVE-2018-5996: Memory Corruptions via RAR PPMd Package: p7zip-rar; Maintainer for p7zip-rar is Robert Luberda <robert@debian.org>; Source for p7zip-rar is src:p7zip-rar (PTS, buildd, popcon) Reported by: Gregor Riepl <onitake@gmail.com> Date: Wed, 24 Jan 2018 18:48:01 UTC ...