Buffer Allocation Vulnerability in NanaZip Product by M2Team
CVE-2026-55781
2.4LOW
What is CVE-2026-55781?
NanaZip, a modern derivative of 7-Zip, suffers from a buffer allocation vulnerability that allows attackers to exploit 32-bit fields within the UFS and FFS image handler. This flaw permits attackers to manipulate buffer sizes, resulting in multi-gigabyte memory allocations during image extraction, which may lead to process termination or significant memory exhaustion. The vulnerability is addressed in version 6.5.1749.0.
Affected Version(s)
NanaZip < 6.5.1749.0
