CVE-2023-52168 — Heap-based Buffer Overflow in 7zip

CWE-122 — Heap-based Buffer Overflow6 documents5 sources

Severity

8.4HIGHNVD

EPSS

0.1%

top 77.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7-zip P7zip Debian 7zip Debian P7zip

Timeline

PublishedJul 3

Latest updateApr 15

Description

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/7zip< 7zip 22.01+dfsg-8+deb12u1 (bookworm)

▶debiandebian/p7zip< 7zip 22.01+dfsg-8+deb12u1 (bookworm)

▶Debian7-zip/p7zip< 16.02+transitional.1

🔴Vulnerability Details

OSV

7zip vulnerabilities↗2025-04-15

▶

OSV

CVE-2023-52168: The NtfsHandler↗2024-07-03

▶

GHSA

GHSA-wgw3-5w65-2g45: The NtfsHandler↗2024-07-03

▶

📋Vendor Advisories

Ubuntu

7-Zip vulnerabilities↗2025-04-15

▶

Debian

CVE-2023-52168: 7zip - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap...↗2023

▶