Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
{ "ubuntu_priority": "medium", "binaries": [ { "binary_name": "p7zip", "binary_version": "16.02+dfsg-6" }, { "binary_name": "p7zip-dbgsym", "binary_version": "16.02+dfsg-6" }, { "binary_name": "p7zip-full", "binary_version": "16.02+dfsg-6" }, { "binary_name": "p7zip-full-dbgsym", "binary_version": "16.02+dfsg-6" } ], "availability": "No subscription required" }