Heap-Based Buffer Overflow in 7-Zip and p7zip Products
CVE-2017-17969

7.8 HIGH

Key Information:

Vendor: 7-zip
CVE Published: 30 January 2018

Summary

A heap-based buffer overflow exists in the NCompress::NShrink::CDecoder::CodeReal method of 7-Zip and p7zip prior to version 18.00. A remote attacker can craft a malicious ZIP archive that triggers an out-of-bounds write when the archive is processed. Successful exploitation can result in denial of service or potentially in execution of arbitrary code on the affected system.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
