cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0411,https://securityvulnerability.io/vulnerability/CVE-2025-0411,Mark-of-the-Web Bypass Vulnerability in 7-Zip by 7-Zip,"A vulnerability exists in 7-Zip that permits attackers to bypass the Mark-of-the-Web protection mechanism when extracting files from specially crafted archives. This flaw enables the extraction process to omit security markers, potentially allowing malicious files to execute arbitrary code with the privileges of the current user. User interaction is necessary, as this exploitation occurs only when a user opens a specially crafted file or visits a malicious webpage. It is recommended to update to the latest version of 7-Zip to mitigate risks associated with this vulnerability.",7-zip,7-zip,7,HIGH,0.004019999876618385,true,2025-02-06T00:00:00.000Z,true,true,true,2025-01-22T23:40:34.000Z,true,true,true,2025-02-05T15:52:02.416Z,2025-01-25T04:28:24.270Z,11821
CVE-2024-11477,https://securityvulnerability.io/vulnerability/CVE-2024-11477,Remote Code Execution Vulnerability in 7-Zip's Decompression Implementation,"A security flaw in the Zstandard decompression function of 7-Zip exposes installations to the risk of arbitrary code execution due to insufficient validation of user-supplied data. This integer underflow issue occurs when processing specially crafted input, allowing remote attackers to potentially execute malicious code within the context of the affected application. Exploitation requires interaction with the vulnerable library, leading to significant security concerns for users of 7-Zip. Affected users are encouraged to review their systems and apply available patches promptly to mitigate the risk.",7-zip,7-zip,7.8,HIGH,0.00044999999227002263,false,,true,false,true,2024-11-25T07:20:39.000Z,true,true,true,2024-11-27T09:52:02.482Z,2024-11-22T20:22:33.278Z,16211
CVE-2023-40481,https://securityvulnerability.io/vulnerability/CVE-2023-40481,7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability,"A vulnerability exists in 7-Zip related to the parsing of SquashFS (SQFS) files, which allows remote attackers to execute arbitrary code on installations of the software. This flaw arises from inadequate validation of user-supplied data when handling SQFS files, leading to out-of-bounds writes that can manipulate the memory buffer. Successful exploitation necessitates that a victim either visits a malicious website or opens a specifically crafted file, potentially allowing the attacker to execute code within the context of the affected application. For further details, see the advisories from the Zero Day Initiative and vendor discussions.",7-zip,7-zip,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-05-03T02:11:15.923Z,0
CVE-2023-31102,https://securityvulnerability.io/vulnerability/CVE-2023-31102,Integer Underflow Vulnerability in 7-Zip Software by Ppm7d.c,"A critical vulnerability exists in 7-Zip, specifically in the Ppm7.c component prior to version 23.00. This vulnerability arises from an integer underflow, allowing for invalid read operations when processing specially crafted 7Z archives. If exploited, this could potentially allow attackers to manipulate memory and execute unintended actions, posing a significant threat to users relying on the software for file compression and decompression. Maintaining the latest version of 7-Zip is advised to mitigate this risk.",7-zip,7-zip,7.8,HIGH,0.005330000072717667,false,,false,false,false,,,false,false,,2023-11-03T04:15:00.000Z,0
CVE-2022-47069,https://securityvulnerability.io/vulnerability/CVE-2022-47069,Heap Buffer Overflow in p7zip by 7-Zip,"The p7zip software version 16.02 has been identified to have a heap buffer overflow vulnerability in the method NArchive::NZip::CInArchive::FindCd(bool), which can be exploited during the processing of zip files. This could potentially allow an attacker to execute arbitrary code or impact data integrity through crafted zip files, highlighting the importance of promptly updating the software to mitigate risks.",7-zip,P7zip,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-08-22T00:00:00.000Z,0
CVE-2022-29072,https://securityvulnerability.io/vulnerability/CVE-2022-29072,Privilege Escalation and Command Execution in 7-Zip on Windows,"7-Zip versions up to 21.07 on Windows are susceptible to a vulnerability that allows for privilege escalation and command execution. This issue arises when a file with the .7z extension is dragged to the Help>Contents area, triggered by a misconfiguration of the 7z.dll and a heap overflow. The resultant command executes within a child process under the 7zFM.exe process. Although it has been reported by multiple third parties that privilege escalation may not actually occur, the potential for command execution still poses a significant risk to users.",7-zip,7-zip,7.8,HIGH,0.001509999972768128,false,,false,false,true,2022-12-20T15:30:12.000Z,true,false,false,,2022-04-15T19:54:15.000Z,0
CVE-2018-10115,https://securityvulnerability.io/vulnerability/CVE-2018-10115,,"Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",7-zip,7-zip,7.8,HIGH,0.04242999851703644,false,,false,false,false,,,false,false,,2018-05-02T21:00:00.000Z,0
CVE-2018-10172,https://securityvulnerability.io/vulnerability/CVE-2018-10172,,"7-Zip through 18.01 on Windows implements the ""Large memory pages"" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.",7-zip,7-zip,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-04-16T22:00:00.000Z,0
CVE-2018-5996,https://securityvulnerability.io/vulnerability/CVE-2018-5996,,"Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",7-zip,"7-zip,P7zip",7.8,HIGH,0.019179999828338623,false,,false,false,false,,,false,false,,2018-01-31T18:00:00.000Z,0
CVE-2017-17969,https://securityvulnerability.io/vulnerability/CVE-2017-17969,,Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.,7-zip,"7-zip,P7zip",7.8,HIGH,0.0065299998968839645,false,,false,false,false,,,false,false,,2018-01-30T16:00:00.000Z,0
CVE-2016-2334,https://securityvulnerability.io/vulnerability/CVE-2016-2334,,Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.,7-zip,7-zip,7.8,HIGH,0.01785000041127205,false,,false,false,true,2017-11-27T15:36:50.000Z,true,false,false,,2016-12-13T22:00:00.000Z,0
CVE-2016-9296,https://securityvulnerability.io/vulnerability/CVE-2016-9296,,"A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.",7-zip,P7zip,7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2016-11-12T02:19:00.000Z,0