Error Reporting Flaw in 7-Zip Affects File Integrity
CVE-2022-47111

2.5LOW

Key Information:

Vendor: 7-zip
Status: 7-zip
Vendor: CVE Published:; 19 April 2025

Summary

7-Zip versions up to 24.09 have a significant error reporting flaw that leads to the improper handling of certain invalid xz files. The issue involves block flags and reserved bits, potentially allowing users to be unaware of corrupted files. This vulnerability raises concerns regarding file integrity and data security, highlighting the importance of robust error reporting mechanisms in software applications.

Affected Version(s)

7-Zip 22.01

References

https://github.com/boofish/semantic-bugs/

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2025
Vulnerability Reserved
Dec 12, 2022