CVE-2022-47112
Published 2025-04-19
CVE-2022-47112: 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
Priority P4 · 10 · low · 3.3 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.16% (5.6th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | — | — |
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | 7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |
| debian | p7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |
CVSS provenance
nvd · v3.1 · 3.3 · LOW · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv · 3.3 · LOW
vendor_debian · 2.5 · LOW
Debian
CVE-2022-47112: 7zip - 7-Zip 22.01 does not report an error for certain invalid xz files, involving str...
vendor_debian·2022·CVSS 2.5
CVE-2022-47112 [LOW] CVE-2022-47112: 7zip - 7-Zip 22.01 does not report an error for certain invalid xz files, involving str...
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open
OSV
CVE-2022-47112: 7-Zip 22
osv·2025-04-19·CVSS 3.3
CVE-2022-47112 [LOW] CVE-2022-47112: 7-Zip 22
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
GHSA
GHSA-8j5h-cxpp-7g62: 7-Zip through 24
ghsa_unreviewed·2025-04-19
CVE-2022-47112 [LOW] CWE-754 GHSA-8j5h-cxpp-7g62: 7-Zip through 24
7-Zip through 24.09 does not report an error for certain invalid xz files, involving stream flags and reserved bits.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-19