KLA11190
Multiple vulnerabilities in 7-Zip
Updated: 07/05/2018
CVSS
7.5
Detect date
01/30/2018
Severity
Critical
Description

Multiple serious vulnerabilities have been found in 7-Zip. Malicious users can exploit these vulnerabilities to cause denial of service and possibly to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Memory corruption vulnerabilities in the RAR3 handler can be exploited remotely via a specially crafted RAR archive to cause denial of service and possibly to execute arbitrary code;
  2. A heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method can be exploited remotely via a specially crafted ZIP archive to cause denial of service and possibly to execute arbitrary code.

Affected products

7-Zip earlier than 18.01

Solution

Update to the latest version
Download 7-Zip

Impacts
ACE 

DoS 
Related products
7-Zip
CVE-IDS

CVE-2018-5996
CVE-2017-17969