DSA-3599-1 p7zip -- p7zipID: oval:org.secpod.oval:def:602532 | Date: (C)2016-06-14 (M)2023-12-20 |
Class: PATCH | Family: unix |
Marcin "Icewall" Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted UDF file is processed.