Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "16.02+dfsg-6", "binary_name": "p7zip" }, { "binary_version": "16.02+dfsg-6", "binary_name": "p7zip-dbgsym" }, { "binary_version": "16.02+dfsg-6", "binary_name": "p7zip-full" }, { "binary_version": "16.02+dfsg-6", "binary_name": "p7zip-full-dbgsym" } ] }