CVE-2016-9296: NULL Pointer Dereference in P7zip

Severity
7.5 HIGH (NVD)
EPSS
1.7%
top 17.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 12
Latest update: May 17

Description

A null pointer dereference bug affects p7zip 16.02 and many older versions. The function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, lacks a null pointer check for the variable folders.PackPositions. Decoding a malformed 7z file therefore causes a crash and a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 24 packages

debian | debian/p7zip | < p7zip 16.02+dfsg-2 (bookworm)
Debian | 7-zip/p7zip | < 16.02+dfsg-2+2
NVD | 7-zip/p7zip | 16.02

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-mqw8-2gg2-v87m: A null pointer dereference bug affects the 16 (2022-05-17)
OSV
CVE-2016-9296: A null pointer dereference bug affects the 16 (2016-11-12)

📋 Vendor Advisories (2)

Microsoft
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams (2016-11-08)
Debian
CVE-2016-9296: p7zip - A null pointer dereference bug affects the 16.02 and many old versions of p7zip.... (2016)

💬 Community (3)

Bugzilla
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [fedora-all] (2016-11-14)
Bugzilla
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [epel-all] (2016-11-14)
Bugzilla
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp (2016-11-14)