Memory Exhaustion Vulnerability in NanaZip by M2Team
CVE-2026-55782
2.4LOW
What is CVE-2026-55782?
NanaZip, a modern derivative of 7-Zip, has a vulnerability in its WebAssembly archive handler. In versions prior to 6.5.1749.0, it allocates buffers based on unchecked attacker-controlled data, which can lead to excessive memory allocation and process termination. Malicious users can exploit this flaw by crafting specific modules to trigger multi-gigabyte buffer allocations during file listing or extraction. This can result in memory exhaustion, disrupting normal operations. The issue has been addressed in version 6.5.1749.0, enhancing the application's robustness.
Affected Version(s)
NanaZip < 6.5.1749.0
