7-Zip vulnerabilities


  • 7-Zip vulnerabilities

    7-Zip is an open-source file archiver as well as a decompressor that is deployed in a range of applications and utilities, and that includes AES-256 encryption options. 7-Zip is used by a lot of individuals and tech companies, while developers implement it in their own software and tools. Two severe vulnerabilities have been found in 7-Zip libraries which can impact antivirus products and security devices.

    CVE-2016-2335: It is caused by Universal Disk Format (UDF) files. In order to find objects within the file system, when partition maps are scanned, proper checking is not done, causing an out-of-bounds read problem. If it is exploited, attackers can use the vulnerability to remotely execute code.

    CVE-2016-2234: It was discovered in the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7-Zip. In the HFS+ system, files are stored in a compressed format using zlib, and the information is stored in blocks depending upon the size of the data.

  • #2
    Re: 7-Zip vulnerabilities

    Useful information shared. This vulnerability can be initiated by any entry that encloses a malformed Long Allocation Descriptor.



    • #3
      Re: 7-Zip vulnerabilities

      7-Zip is a substitute for WinRAR or WinZip, but because it’s open-source, it has also been amalgamated in other people’s software.



      • #4
        Re: 7-Zip vulnerabilities

        Out-of-bounds read vulnerabilities are also known as buffer overflow exploits, which are common in malicious attack scenarios. Buffer overflows can be commenced by inputs designed to execute code or change the way a program functions. Buffer overflows may bring unpredictable program behaviour and may cause memory access errors, inappropriate results, crashes, or breaches of system security. For this reason, buffer overflows are applied in various software susceptibilities and are often exploited in malicious operations.



        • #5
          Re: 7-Zip vulnerabilities

          There is no tool or check available to see which is bigger, the size of the block or the software's buffer, which causes a buffer overflow problem and eventually heap corruption. 7-Zip and Talos have worked together to fix these vulnerabilities, and thus the latest version of 7-Zip, 7-Zip v.16.00, is now available and an update is recommended.
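
Added example (not part of the post above and not 7-Zip's code): the block-size-against-buffer-size check described in post #5, written in C. The table layout, `SAMPLE`, `read_block` and `demo` are constructed for illustration and are not the real HFS+ format; `memcpy` stands in for the zlib inflate step.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16u /* constructed: fixed working buffer size */

/* Constructed layout, NOT real HFS+: u32 LE block count, then
 * {u32 offset, u32 size} per block, then the block data. */
static const uint8_t SAMPLE[] = {
    3, 0, 0, 0,
    28, 0, 0, 0, 4, 0, 0, 0,   /* block 0: fits */
    28, 0, 0, 0, 64, 0, 0, 0,  /* block 1: size 64 > BUF_SIZE */
    30, 0, 0, 0, 8, 0, 0, 0,   /* block 2: runs past end of input */
    'A', 'B', 'C', 'D'
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copies block idx into buf; returns its size, or -1 if rejected. */
long read_block(const uint8_t *res, size_t len, uint32_t idx,
                uint8_t *buf, size_t buf_len) {
    if (len < 4) return -1;
    uint32_t n = rd32(res);
    if (n > (len - 4) / 8 || idx >= n) return -1; /* table must fit */
    const uint8_t *e = res + 4 + (size_t)idx * 8;
    uint32_t off = rd32(e), size = rd32(e + 4);
    if (size > buf_len) return -1;                /* block vs. buffer size */
    if (off > len || size > len - off) return -1; /* block inside input */
    memcpy(buf, res + off, size);                 /* stand-in for inflate */
    return (long)size;
}

/* Runs read_block on the constructed sample with a fixed-size buffer. */
long demo(uint32_t idx) {
    uint8_t buf[BUF_SIZE];
    return read_block(SAMPLE, sizeof SAMPLE, idx, buf, sizeof buf);
}

int main(void) {
    for (uint32_t i = 0; i < 4; i++)
        printf("block %u -> %ld\n", (unsigned)i, demo(i));
    return 0;
}
```

The bounds test is written as `size > len - off` rather than `off + size > len` so that a large attacker-chosen size cannot wrap the addition and slip past the check.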
