Title: 7-Zip Unspecified Archive Handling Vulnerability
Severity: MODERATE
Description:
7-Zip is a freely available archiving and compression utility by Igor Pavlov.
7-Zip prone to a remote archive-handling vulnerability because the application fails to properly handle malformed archive files.
This issue was found by submitting randomly generated archive files to the application. Further information is not currently available.
Successfully exploiting this issue may allow remote attackers to execute code, but this has not been confirmed. Exploit attempts will likely crash the application.
Versions prior to 7-Zip 4.57 are affected.
Affected Products:
- 7-Zip 7-Zip 3.13.0
- 7-Zip 7-Zip 3.30
- 7-Zip 7-Zip 4.23.0
- 7-Zip 7-Zip 4.26.0 BETA
- 7-Zip 7-Zip 4.27.0 BETA
- RedHat Fedora 8
- RedHat Fedora 9
References:
- 7-Zip: 7-Zip Home Page
- CERT-FI: 20469: CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats
- Oulu University: PROTOS Genome Test Suite c10-archive
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
