Null Pointer Dereference in NanaZip Affects Archive Handling
CVE-2026-55783
2.4LOW
What is CVE-2026-55783?
NanaZip, a modern derivative of 7-Zip designed for Windows, experiences a null pointer dereference vulnerability in its archive extraction functionality. Before version 6.5.1749.0, the application improperly handles scenarios where the Extract function is called with a NULL Indices array. This flaw allows for the potential disruption of service, leading to application crashes when processing WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive formats. Users are encouraged to update to version 6.5.1749.0 or higher to mitigate this issue.
Affected Version(s)
NanaZip < 6.5.1749.0
