KLA10823
Denial of service and arbitrary code execution vulnerabilities in 7-Zip
Updated: 06/17/2019
Detect date
?
06/01/2016
Severity
?
High
Description

Improper processing of UDF files was found in 7zip. By exploiting this vulnerability malicious users can cause a denial of service or execute arbitrary code. This vulnerability can be exploited remotely via specially crafted UDF file.


Technical details

This vulnerability related to CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp. It can be exploited via specially formed PartitionRef field in the Long Allocation Descriptor in a UDF file.

Affected products

7-Zip 9.20
7-Zip 15.05 beta

Solution

Update to the latest version.
Get 7-Zip

Impacts
?
ACE 
[?]

DoS 
[?]
CVE-IDS
?