KLA10823
Denial of service and arbitrary code execution vulnerabilities in 7-Zip

Improper processing of UDF files was found in 7zip. By exploiting this vulnerability malicious users can cause a denial of service or execute arbitrary code. This vulnerability can be exploited remotely via specially crafted UDF file.

Technical details

This vulnerability related to CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp. It can be exploited via specially formed PartitionRef field in the Long Allocation Descriptor in a UDF file.

7-Zip 9.20
7-Zip 15.05 beta

Update to the latest version.
Get 7-Zip