Skip to main content

7 Zip CVE-2022-47112

LOW
Improper Check for Unusual or Exceptional Conditions (CWE-754)
2025-04-19 cve@mitre.org
2.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.5 LOW
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:37 vuln.today
PoC Detected
Aug 18, 2025 - 16:41 vuln.today
Public exploit code
CVE Published
Apr 19, 2025 - 21:15 nvd
LOW 2.5

DescriptionCVE.org

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

AnalysisAI

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-754. 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected. Affected products include: 7-Zip.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in 7 Zip

View all
CVE-2016-2334 HIGH POC
7.8 Dec 13

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows

CVE-2016-2335 HIGH POC
8.8 Jun 07

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attacke

CVE-2022-29072 HIGH POC
7.8 Apr 15

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is d

CVE-2018-10115 HIGH POC
7.8 May 02

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memor

CVE-2018-5996 HIGH POC
7.8 Jan 31

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead

CVE-2025-53816 MEDIUM POC
5.5 Jul 17

Heap buffer overflow in 7-Zip's RAR5 handler writes zeroes beyond allocated heap memory, causing memory corruption and d

CVE-2026-58052 MEDIUM POC
4.8 Jun 28

Mark-of-the-Web protection is bypassed in 7-Zip for Windows 26.02 and earlier when extracting crafted RAR5 archives, all

CVE-2018-10172 HIGH
8.8 Apr 16

7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to

CVE-2016-7804 HIGH
7.8 May 22

Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges vi

CVE-2025-11002 HIGH
7.8 Jan 23

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attacke

CVE-2023-31102 HIGH
7.8 Nov 03

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. Rated hig

CVE-2022-47111 LOW POC
2.5 Apr 19

7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Rated low se

Share

CVE-2022-47112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy