Heap-Based Buffer Overflow in 7-Zip and p7zip Products
CVE-2017-17969
7.8 HIGH
Summary
A heap-based buffer overflow exists in the NCompress::NShrink::CDecoder::CodeReal method of 7-Zip and p7zip prior to version 18.00. A remote attacker can craft a malicious ZIP archive that triggers an out-of-bounds write when the archive is processed. Successful exploitation can result in denial of service or, potentially, execution of arbitrary code on the affected system.
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved