Heap Buffer Overflow in NanaZip Affects 7-Zip Derivative for Windows
CVE-2026-47224
4.3MEDIUM
What is CVE-2026-47224?
A heap buffer overflow vulnerability exists in NanaZip, a modern 7-Zip derivative designed for Windows. This issue arises from the LVM2 physical-volume metadata parser, which can be exploited by opening a specially crafted LVM disk image. Users running NanaZip versions between 3.0.1000.0 and preceding 6.0.1698.0 are affected. The problem has been addressed in the stable release 6.0.1698.0 and the preview release 6.5.1742.0. It is essential for users to update their software to mitigate potential risks.
Affected Version(s)
NanaZip >= 3.0.1000.0, < 6.0.1698.0
