KLA11190
Multiple vulnerabilities in 7-Zip

Multiple serious vulnerabilities have been found in 7-Zip. Malicious users can exploit these vulnerabilities to cause denial of service and possibly to execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Memory corruption vulnerabilities in RAR3 handler can be exploited remotely via specially crafted RAR archive to cause denial of service and possibly to execute arbitrary code;
2. A heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method can be exploited remotely via specially crafted ZIP archive to cause denial of service and possibly to execute arbitrary code

7-Zip earlier than 18.01

Update to the latest version
Download 7-Zip