FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p7zip -- heap-based buffer overflow

Affected packages
p7zip < 16.02_1

Details

VuXML ID 6d337396-0e4a-11e8-94c0-5453ed2e2b49
Discovery 2018-01-23
Entry 2018-02-10

MITRE reports:

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

[source]

References

CVE Name CVE-2017-17969
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
URL https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
URL https://marc.info/?l=bugtraq&=151782582216805&=2
URL https://nvd.nist.gov/vuln/detail/CVE-2017-17969

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.