[3.7] p7zip: Multiple vulnerabilities (CVE-2017-17969, CVE-2018-5996)
CVE-2017-17969: Heap-based buffer overflow in the
NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and
p7zip allows remote
attackers to cause a denial of service (out-of-bounds write) or
potentially execute arbitrary code via a crafted ZIP archive.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17969
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
CVE-2018-5996: Multiple memory corruption vulnerabilities exist in
7-Zip’s RAR compression handler.
Versions before 18.00 are affected.
References:
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
https://nvd.nist.gov/vuln/detail/CVE-2018-5996
(from redmine: issue id 8533, created on 2018-02-21, closed on 2018-08-09)
- Relations:
- parent #8531 (closed)
- Changesets:
- Revision e6025bbe by Natanael Copa on 2018-08-08T15:19:13Z:
main/p7zip: security fixes (CVE-2018-5996, CVE-2018-10115)
fixes #8533
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information