UBUNTU-CVE-2026-48101

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-48101

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-48101

Upstream

CVE-2026-48101

Published

2026-06-05T16:16:00Z

Modified

2026-06-12T09:04:20.205779925Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize (up to 1 GiB) without zero-initialization, then reads the file contents into it with ReadStream_FALSE whose return value is silently discarded. If the file is truncated, the unread tail of the buffer retains uninitialized heap memory, which is then exposed as extracted file content via GetStream. Version 26.0.1 fixes the issue.

References

Affected packages

Ubuntu:14.04:LTS

p7zip

Package

Name: p7zip
Purl: pkg:deb/ubuntu/p7zip?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.20.1~dfsg.1-4

9.20.1~dfsg.1-4+deb7u1build0.14.04.1

9.20.1~dfsg.1-4+deb7u2build0.14.04.1

9.20.1~dfsg.1-4+deb7u3build0.14.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "p7zip",
            "binary_version": "9.20.1~dfsg.1-4+deb7u3build0.14.04.1"
        },
        {
            "binary_name": "p7zip-full",
            "binary_version": "9.20.1~dfsg.1-4+deb7u3build0.14.04.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:16.04:LTS

p7zip

Package

Name: p7zip
Purl: pkg:deb/ubuntu/p7zip?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.20.1~dfsg.1-4.2

9.20.1~dfsg.1-4.2ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "p7zip",
            "binary_version": "9.20.1~dfsg.1-4.2ubuntu0.1"
        },
        {
            "binary_name": "p7zip-full",
            "binary_version": "9.20.1~dfsg.1-4.2ubuntu0.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:18.04:LTS

p7zip

Package

Name: p7zip
Purl: pkg:deb/ubuntu/p7zip?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.02+dfsg-4

16.02+dfsg-5

16.02+dfsg-6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "p7zip",
            "binary_version": "16.02+dfsg-6"
        },
        {
            "binary_name": "p7zip-full",
            "binary_version": "16.02+dfsg-6"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:20.04:LTS

p7zip

Package

Name: p7zip
Purl: pkg:deb/ubuntu/p7zip?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.02+dfsg-7

16.02+dfsg-7build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "p7zip",
            "binary_version": "16.02+dfsg-7build1"
        },
        {
            "binary_name": "p7zip-full",
            "binary_version": "16.02+dfsg-7build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:22.04:LTS

p7zip

Package

Name: p7zip
Purl: pkg:deb/ubuntu/p7zip?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.02+dfsg-8

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "p7zip",
            "binary_version": "16.02+dfsg-8"
        },
        {
            "binary_name": "p7zip-full",
            "binary_version": "16.02+dfsg-8"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:25.10

7zip

Package

Name: 7zip
Purl: pkg:deb/ubuntu/7zip?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

24.*

24.09+dfsg-7

24.09+dfsg-8

25.*

25.00+dfsg-1

25.01+dfsg-1

25.01+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "7zip",
            "binary_version": "25.01+dfsg-2"
        },
        {
            "binary_name": "7zip-standalone",
            "binary_version": "25.01+dfsg-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:26.04:LTS

7zip

Package

Name: 7zip
Purl: pkg:deb/ubuntu/7zip?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.01+dfsg-2

25.01+dfsg-3

25.01+dfsg-4

25.01+dfsg-5

26.*

26.00+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "7zip",
            "binary_version": "26.00+dfsg-1"
        },
        {
            "binary_name": "7zip-standalone",
            "binary_version": "26.00+dfsg-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:Pro:22.04:LTS

7zip

Package

Name: 7zip
Purl: pkg:deb/ubuntu/7zip?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

21.*

21.03~beta+dfsg-6

21.04~beta+dfsg-1

21.06+dfsg-1

21.07+dfsg-1

21.07+dfsg-2

21.07+dfsg-3

21.07+dfsg-4

21.07+dfsg-4ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "7zip",
            "binary_version": "21.07+dfsg-4ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"

Ubuntu:Pro:24.04:LTS

7zip

Package

Name: 7zip
Purl: pkg:deb/ubuntu/7zip?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

23.*

23.01+dfsg-3

23.01+dfsg-7

23.01+dfsg-8

23.01+dfsg-11

23.01+dfsg-11ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "7zip",
            "binary_version": "23.01+dfsg-11ubuntu0.1~esm1"
        },
        {
            "binary_name": "7zip-standalone",
            "binary_version": "23.01+dfsg-11ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-48101.json"