Debian 7Zip vulnerabilities
13 known vulnerabilities affecting debian/7zip.
Total CVEs: 13
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 6, LOW 7
Vulnerabilities
CVE-2025-11002 | HIGH | CVSS 7.8 | fixed in 7zip 25.00+dfsg-1 (forky) | 2025
CVE-2025-11002 [HIGH] CVE-2025-11002: 7zip - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. ...
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbo
debian
CVE-2025-11001 | HIGH | CVSS 7.8 | PoC | fixed in 7zip 25.00+dfsg-1 (forky) | 2025
CVE-2025-11001 [HIGH] CVE-2025-11001: 7zip - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. ...
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbo
CVE-2025-0411 | LOW | CVSS 7.0 | KEV | 2025
CVE-2025-0411 [HIGH] CVE-2025-0411: 7zip - 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote att...
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. Whe
CVE-2025-53817 | LOW | CVSS 5.5 | fixed in 7zip 25.00+dfsg-1 (forky) | 2025
CVE-2025-53817 [MEDIUM] CVE-2025-53817: 7zip - 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extractin...
7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix for the issue.
Scope: local
bookworm: open
forky: resolved (fixed in 25.00+dfsg-1)
sid: resolved (fixed in 25.00+dfsg-1)
trix
CVE-2025-55188 | LOW | CVSS 3.6 | fixed in 7zip 25.01+dfsg-1 (forky) | 2025
CVE-2025-55188 [LOW] CVE-2025-55188: 7zip - 7-Zip before 25.01 does not always properly handle symbolic links during extract...
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Scope: local
bookworm: open
forky: resolved (fixed in 25.01+dfsg-1)
sid: resolved (fixed in 25.01+dfsg-1)
trixie: resolved (fixed in 25.01+dfsg-1~deb13u1)
CVE-2024-11612 | LOW | CVSS 6.5 | fixed in 7zip 24.08+dfsg-1 (forky) | 2024
CVE-2024-11612 [MEDIUM] CVE-2024-11612: 7zip - 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerabilit...
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of stre
CVE-2024-11477 | LOW | CVSS 7.8 | fixed in 7zip 24.07+dfsg-1 (forky) | 2024
CVE-2024-11477 [HIGH] CVE-2024-11477: 7zip - 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerabil...
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementati
CVE-2023-40481 | HIGH | CVSS 7.8 | fixed in 7zip 23.01+dfsg-1 (forky) | 2023
CVE-2023-40481 [HIGH] CVE-2023-40481: 7zip - 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerabil...
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQ
CVE-2023-52169 | HIGH | CVSS 8.2 | fixed in 7zip 22.01+dfsg-8+deb12u1 (bookworm) | 2023
CVE-2023-52169 [HIGH] CVE-2023-52169: 7zip - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out...
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files
CVE-2023-52168 | HIGH | CVSS 8.4 | fixed in 7zip 22.01+dfsg-8+deb12u1 (bookworm) | 2023
CVE-2023-52168 [HIGH] CVE-2023-52168: 7zip - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap...
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
Scope: local
bookworm: resolved (fixed in 22.01+dfsg-8+deb12u1)
forky: resolved (fixed in 24.05+dfsg-1)
sid: resolved (fixed
CVE-2023-31102 | HIGH | CVSS 7.8 | fixed in 7zip 23.01+dfsg-1 (forky) | 2023
CVE-2023-31102 [HIGH] CVE-2023-31102: 7zip - Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read opera...
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
Scope: local
bookworm: open
forky: resolved (fixed in 23.01+dfsg-1)
sid: resolved (fixed in 23.01+dfsg-1)
trixie: resolved (fixed in 23.01+dfsg-1)
CVE-2022-47112 | LOW | CVSS 2.5 | fixed in p7zip 16.02+transitional.1 (trixie) | 2022
CVE-2022-47112 [LOW] CVE-2022-47112: 7zip - 7-Zip 22.01 does not report an error for certain invalid xz files, involving str...
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open
CVE-2022-47111 | LOW | CVSS 2.5 | fixed in p7zip 16.02+transitional.1 (trixie) | 2022
CVE-2022-47111 [LOW] CVE-2022-47111: 7zip - 7-Zip 22.01 does not report an error for certain invalid xz files, involving blo...
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open