KLA60809
Multiple vulnerabilities in 7-Zip

Updated: 09/28/2023
Detect date
?
08/23/2023
Severity
?
High
Description

Multiple vulnerabilities were found in 7-Zip. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Out of bounds memory write vulnerability in SquashFS File Parsing can be exploited to execute arbitrary code.
  2. Integer Underflow vulnerability in 7Z File Parsing can be exploited to execute arbitrary code.
Affected products

7-Zip earlier than 23.00

Solution

Update to the latest version
Download 7-Zip

Original advisories

ZDI-23-1165
ZDI-23-1164

Impacts
?
ACE 
[?]
Related products
7-Zip
7-Zip (MSI installer)
Find out the statistics of the vulnerabilities spreading in your region