Integer Underflow Vulnerability in 7-Zip Software by Ppm7d.c
CVE-2023-31102

7.8HIGH

Key Information:

Vendor: 7-zip
Status: 7-zip
Vendor: CVE Published:; 3 November 2023

Summary

A critical vulnerability exists in 7-Zip, specifically in the Ppm7.c component prior to version 23.00. This vulnerability arises from an integer underflow, allowing for invalid read operations when processing specially crafted 7Z archives. If exploited, this could potentially allow attackers to manipulate memory and execute unintended actions, posing a significant threat to users relying on the software for file compression and decompression. Maintaining the latest version of 7-Zip is advised to mitigate this risk.

References

https://www.7-zip.org/download.html

https://www.zerodayinitiative.com/advisories/ZDI-23-1165/

https://sourceforge.net/p/sevenzip/discussion/45797/threa...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Apr 24, 2023