Buffer Allocation Vulnerability in NanaZip Product by M2Team
CVE-2026-55781

2.4LOW

Key Information:

Vendor

M2team

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55781?

NanaZip, a modern derivative of 7-Zip, suffers from a buffer allocation vulnerability that allows attackers to exploit 32-bit fields within the UFS and FFS image handler. This flaw permits attackers to manipulate buffer sizes, resulting in multi-gigabyte memory allocations during image extraction, which may lead to process termination or significant memory exhaustion. The vulnerability is addressed in version 6.5.1749.0.

Affected Version(s)

NanaZip < 6.5.1749.0

References

CVSS V4

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.