CVE-2022-47112
published 2025-04-19

CVE-2022-47112: 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

Priority: P4 · 10 · low · 3.3 · CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:L / A:N
EPSS: 0.16% (5.6th percentile)

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| 7-zip | 7-zip | | |
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | 7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |
| debian | p7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |

CVSS provenance

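| Source | Version | Score | Severity | Vector |
|--------|---------|-------|----------|--------|
| nvd | v3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| osv | | 3.3 | LOW | |
| vendor_debian | | 2.5 | LOW | |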