CVE-2016-2335
published 2016-06-07CVE-2016-2335: The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service…
PriorityP348high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
9.79%
94.9th percentile
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | — | — |
| 7-zip | 7-zip | — | — |
| 7-zip | p7zip | >= 0 < 15.14.1+dfsg-2 | 15.14.1+dfsg-2 |
| 7-zip | p7zip | >= 0 < 15.14.1+dfsg-2 | 15.14.1+dfsg-2 |
| 7-zip | p7zip | >= 0 < 15.14.1+dfsg-2 | 15.14.1+dfsg-2 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | p7zip | < p7zip 15.14.1+dfsg-2 (bookworm) | p7zip 15.14.1+dfsg-2 (bookworm) |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p2xg-m23c-2mm9: The CInArchive::ReadFileItem method in Archive/Udf/UdfIn
ghsa_unreviewed·2022-05-14
CVE-2016-2335 [HIGH] CWE-119 GHSA-p2xg-m23c-2mm9: The CInArchive::ReadFileItem method in Archive/Udf/UdfIn
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
OSV
CVE-2016-2335: The CInArchive::ReadFileItem method in Archive/Udf/UdfIn
osv·2016-06-07·CVSS 8.8
CVE-2016-2335 [HIGH] CVE-2016-2335: The CInArchive::ReadFileItem method in Archive/Udf/UdfIn
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
Ubuntu
P7ZIP vulnerabilities
vendor_ubuntu·2019-03-21
CVE-2016-2335 P7ZIP vulnerabilities
Title: P7ZIP vulnerabilities
Summary: p7zip could be made to crash or run programs as your login if it
opened a specially crafted file.
It was discovered that p7zip did not correctly handle certain malformed
archives. If a user or automated system were tricked into processing a specially
crafted archive with p7zip, then p7zip could be made to crash, possibly leading
to abitrary code execution.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2016-2335: p7zip - The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15...
vendor_debian·2016·CVSS 8.8
CVE-2016-2335 [HIGH] CVE-2016-2335: p7zip - The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15...
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
Scope: local
bookworm: resolved (fixed in 15.14.1+dfsg-2)
bullseye: resolved (fixed in 15.14.1+dfsg-2)
trixie: resolved (fixed in 15.14.1+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [fedora-all]
bugzilla·2016-05-12·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [fedora-all]
CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While on
Bugzilla
CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [epel-all]
bugzilla·2016-05-12·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [epel-all]
CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL.
Bugzilla
CVE-2016-2335 p7zip: Out-of-bounds read vuilerability
bugzilla·2016-05-12·CVSS 8.8
CVE-2016-2335 [HIGH] CVE-2016-2335 p7zip: Out-of-bounds read vuilerability
CVE-2016-2335 p7zip: Out-of-bounds read vuilerability
An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format (UDF) files. The UDF file system was meant to replace the ISO-9660 file format, and was eventually adopted as the official file system for DVD-Video and DVD-Audio.
Central to 7-Zip’s processing of UDF files is the CInArchive::ReadFileItem method. Because volumes can have more than one partition map, their objects are kept in an object vector. To start looking for an item, this method tries to reference the proper object using the partition map’s object vector and the "PartitionRef" field from the Long Allocation Descriptor. Lack of checking whether the "PartitionRef" field is bigger than the available amount of partition map objects causes a read
Talos
Multiple 7-Zip Vulnerabilities Discovered by Talos
blogs_talos·2016-05-11·CVSS 8.8
[HIGH] Multiple 7-Zip Vulnerabilities Discovered by Talos
7-Zip vulnerabilities were discovered by Marcin Noga.
Update 2016-05-12: Related advisories for the 7-Zip issues covered in this blog can be found here:
http://www.talosintel.com/reports/TALOS-2016-0093/
http://www.talosintel.com/reports/TALOS-2016-0094/
7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These type of vulnerabilities are especially concerning since vendors may not be aware they are using the affected libraries. This can be of particular concern, for example, when it comes to security devices or antivirus products. 7-Zip is supported on all major pl
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.htmlhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00004.htmlhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00098.htmlhttp://lists.opensuse.org/opensuse-updates/2016-07/msg00069.htmlhttp://www.debian.org/security/2016/dsa-3599http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.htmlhttp://www.securityfocus.com/bid/90531http://www.securitytracker.com/id/1035876http://www.talosintel.com/reports/TALOS-2016-0094/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/https://security.gentoo.org/glsa/201701-27https://usn.ubuntu.com/3913-1/http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.htmlhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00004.htmlhttp://lists.opensuse.org/opensuse-updates/2016-06/msg00098.htmlhttp://lists.opensuse.org/opensuse-updates/2016-07/msg00069.htmlhttp://www.debian.org/security/2016/dsa-3599http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.htmlhttp://www.securityfocus.com/bid/90531http://www.securitytracker.com/id/1035876http://www.talosintel.com/reports/TALOS-2016-0094/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/https://security.gentoo.org/glsa/201701-27https://usn.ubuntu.com/3913-1/
2016-06-07
Published