DSA-4104-1 p7zip -- p7zipID: oval:org.secpod.oval:def:603258 | Date: (C)2018-02-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed.
Platform: |
Debian 8.x |
Debian 9.x |