QwikSec

Security Database

CVE

CWE

Training

CVE-2017-17969

Published: Jan 30, 2018

Modified: Jan 10, 2025

PUBLISHED

Description

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

[debian-lts-announce] 20180202 [SECURITY] [DLA 1268-1] p7zip security update

mailing-list

https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/

vdb-entry

https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html

vendor-advisory

https://github.com/p7zip-project/p7zip/issues/7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.