CVE-2022-47111
published 2025-04-19CVE-2022-47111: 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
PriorityP410low3.3CVSS 3.1
AVLACLPRNUIRSUCNILAN
EPSS
0.20%
9.8th percentile
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | — | — |
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | 7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |
| debian | p7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv3.3LOW
vendor_debian2.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2022-47111: 7-Zip 22
osv·2025-04-19·CVSS 3.3
CVE-2022-47111 [LOW] CVE-2022-47111: 7-Zip 22
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
GHSA
GHSA-f2q2-pv27-hgjf: 7-Zip through 24
ghsa_unreviewed·2025-04-19
CVE-2022-47111 [LOW] CWE-754 GHSA-f2q2-pv27-hgjf: 7-Zip through 24
7-Zip through 24.09 does not report an error for certain invalid xz files, involving block flags and reserved bits.
Debian
CVE-2022-47111: 7zip - 7-Zip 22.01 does not report an error for certain invalid xz files, involving blo...
vendor_debian·2022·CVSS 2.5
CVE-2022-47111 [LOW] CVE-2022-47111: 7zip - 7-Zip 22.01 does not report an error for certain invalid xz files, involving blo...
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-19
Published