CVE-2016-9296
published 2016-11-12CVE-2016-9296: A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in…
PriorityP341high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
7.02%
93.4th percentile
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | p7zip | — | — |
| 7-zip | p7zip | >= 0 < 16.02+dfsg-2 | 16.02+dfsg-2 |
| 7-zip | p7zip | >= 0 < 16.02+dfsg-2 | 16.02+dfsg-2 |
| 7-zip | p7zip | >= 0 < 16.02+dfsg-2 | 16.02+dfsg-2 |
| debian | p7zip | < p7zip 16.02+dfsg-2 (bookworm) | p7zip 16.02+dfsg-2 (bookworm) |
| msrc | azl3_p7zip_16.02-23_on_azure_linux_3.0 | — | — |
| msrc | cbl2_p7zip_16.02-22_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_p7zip_16.02-22_on_cbl_mariner_1.0 | — | — |
| msrc | p7zip-16.02-22.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | p7zip-16.02-22.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | p7zip-16.02-23.azl3.aarch64.rpm_on_azure_linux_3.0_arm | — | — |
| msrc | p7zip-16.02-23.azl3.x86_64.rpm_on_azure_linux_3.0_x64 | — | — |
| msrc | p7zip-debuginfo-16.02-22.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | p7zip-debuginfo-16.02-22.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | p7zip-doc-16.02-22.cm2.noarch.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | p7zip-doc-16.02-22.cm2.noarch.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | p7zip-doc-16.02-23.azl3.noarch.rpm_on_azure_linux_3.0_arm | — | — |
| msrc | p7zip-doc-16.02-23.azl3.noarch.rpm_on_azure_linux_3.0_x64 | — | — |
| msrc | p7zip-plugins-16.02-22.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | p7zip-plugins-16.02-22.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | p7zip-plugins-16.02-23.azl3.aarch64.rpm_on_azure_linux_3.0_arm | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5LOW
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams
vendor_msrc·2016-11-08·CVSS 7.5
CVE-2016-9296 [HIGH] CWE-476 A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp as used in the 7z.so library and in 7z applications will cause a crash and a denial of service when decoding malformed 7z files.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which
Debian
CVE-2016-9296: p7zip - A null pointer dereference bug affects the 16.02 and many old versions of p7zip....
vendor_debian·2016·CVSS 7.5
CVE-2016-9296 [HIGH] CVE-2016-9296: p7zip - A null pointer dereference bug affects the 16.02 and many old versions of p7zip....
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
Scope: local
bookworm: resolved (fixed in 16.02+dfsg-2)
bullseye: resolved (fixed in 16.02+dfsg-2)
trixie: resolved (fixed in 16.02+dfsg-2)
GHSA
GHSA-mqw8-2gg2-v87m: A null pointer dereference bug affects the 16
ghsa_unreviewed·2022-05-17
CVE-2016-9296 [HIGH] CWE-476 GHSA-mqw8-2gg2-v87m: A null pointer dereference bug affects the 16
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
OSV
CVE-2016-9296: A null pointer dereference bug affects the 16
osv·2016-11-12·CVSS 7.5
CVE-2016-9296 [HIGH] CVE-2016-9296: A null pointer dereference bug affects the 16
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [fedora-all]
bugzilla·2016-11-14·CVSS 7.5
CVE-2016-9296 [HIGH] CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [fedora-all]
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [epel-all]
bugzilla·2016-11-14·CVSS 7.5
CVE-2016-9296 [HIGH] CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [epel-all]
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedo
Bugzilla
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp
bugzilla·2016-11-14·CVSS 7.5
CVE-2016-9296 [HIGH] CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp
CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp
A null pointer dereference vulnerability was found in p7zip. Malformed 7z file could cause the application to crash.
Upstream bug:
https://sourceforge.net/p/p7zip/bugs/185/
Discussion:
Created p7zip tracking bugs for this issue:
Affects: fedora-all [bug 1394794]
Affects: epel-all [bug 1394795]
---
p7zip 16.02 + more CVE-2016-9296.patch [1] = p7zip 16.02-2
[1]
https://src.fedoraproject.org/cgit/rpms/p7zip.git/tree/CVE-2016-9296.patch
---
Fixed In Version field here is meant to note fixed upstream version. Based on your comment 2, it should not note 16.02. If there is not fixed upstream version yet, it should be left blank.
http://www.securityfocus.com/bid/94294https://github.com/yangke/7zip-null-pointer-dereferencehttps://sourceforge.net/p/p7zip/bugs/185/https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/http://www.securityfocus.com/bid/94294https://github.com/yangke/7zip-null-pointer-dereferencehttps://sourceforge.net/p/p7zip/bugs/185/https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/
2016-11-12
Published