FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p7zip -- heap overflow vulnerability

Affected packages
p7zip < 15.14_1

Details

VuXML ID a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49
Discovery 2016-05-11
Entry 2016-07-15

Cisco Talos reports:

An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution.

[source]

References

CVE Name CVE-2016-2334
URL http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.