CVE-2017-17969

7.8HIGH

Key Information:

Vendor: 7-zip
Status: 7-zip; P7zip
Vendor: CVE Published:; 30 January 2018

Summary

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

References

https://www.debian.org/security/2018/dsa-4104

vendor-advisory

https://lists.debian.org/debian-lts-announce/2018/02/msg0...

https://landave.io/2018/01/7-zip-multiple-memory-corrupti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2018
Vulnerability Reserved
Dec 29, 2017

.