CVE-2016-2334 — Improper Restriction of Operations within the Bounds of a Memory Buffer in P7zip

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

7.8HIGHNVD

EPSS

16.3%

top 5.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7-zip P7zip Debian P7zip 7-zip +1 more

Timeline

PublishedDec 13

Latest updateMay 17

Description

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/p7zip< p7zip 15.14.1+dfsg-2 (bookworm)

▶Debian7-zip/p7zip< 15.14.1+dfsg-2+2

▶NVD7-zip/7-zip15.14

Also affects: Fedora 23, 24

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-62c7-f6mx-fmm8: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16↗2022-05-17

▶

OSV

CVE-2016-2334: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16↗2016-12-13

▶

📋Vendor Advisories

Debian

CVE-2016-2334: p7zip - Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile meth...↗2016

▶

🕵️Threat Intelligence

Talos

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability↗2017-11-30

▶

Talos

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability↗2017-11-30

▶

Talos

Multiple 7-Zip Vulnerabilities Discovered by Talos↗2016-05-11

▶

💬Community

Bugzilla

CVE-2016-2334 p7zip: Heap-buffer-overflow vulnerability↗2016-05-12

▶

Bugzilla

CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [fedora-all]↗2016-05-12

▶

Bugzilla

CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [epel-all]↗2016-05-12

▶