7 Zip
Monthly
Uninitialized heap memory disclosure in 7-Zip's UEFI capsule (.scap) parser exposes potentially sensitive heap contents when an unauthenticated remote attacker delivers a crafted capsule file that a user opens. The OpenCapsule function allocates a heap buffer sized by the attacker-controlled CapsuleImageSize field without zero-initialization, then silently ignores read failures on truncated files, causing the unread tail - containing raw heap data - to be surfaced as extracted file content. Affecting versions 9.21 through 26.00, a fix is available in 26.0.1; no public exploit code has been identified at time of analysis.
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Heap buffer overflow in 7-Zip's RAR5 handler writes zeroes beyond allocated heap memory, causing memory corruption and denial of service in versions prior to 25.0.0. Local attackers can trigger this vulnerability by crafting malicious RAR5 archive files. Publicly available exploit code exists, making this a moderate-priority local vulnerability despite its network-isolated attack surface.
7-Zip contains a Mark-of-the-Web bypass vulnerability allowing attackers to circumvent Windows security warnings when extracting files from malicious archives, exploited in campaigns targeting Ukrainian organizations.
Uninitialized heap memory disclosure in 7-Zip's UEFI capsule (.scap) parser exposes potentially sensitive heap contents when an unauthenticated remote attacker delivers a crafted capsule file that a user opens. The OpenCapsule function allocates a heap buffer sized by the attacker-controlled CapsuleImageSize field without zero-initialization, then silently ignores read failures on truncated files, causing the unread tail - containing raw heap data - to be surfaced as extracted file content. Affecting versions 9.21 through 26.00, a fix is available in 26.0.1; no public exploit code has been identified at time of analysis.
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Heap buffer overflow in 7-Zip's RAR5 handler writes zeroes beyond allocated heap memory, causing memory corruption and denial of service in versions prior to 25.0.0. Local attackers can trigger this vulnerability by crafting malicious RAR5 archive files. Publicly available exploit code exists, making this a moderate-priority local vulnerability despite its network-isolated attack surface.
7-Zip contains a Mark-of-the-Web bypass vulnerability allowing attackers to circumvent Windows security warnings when extracting files from malicious archives, exploited in campaigns targeting Ukrainian organizations.