The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "7zip", "binary_version": "24.08+dfsg-1" }, { "binary_name": "7zip-dbgsym", "binary_version": "24.08+dfsg-1" }, { "binary_name": "7zip-standalone", "binary_version": "24.08+dfsg-1" }, { "binary_name": "7zip-standalone-dbgsym", "binary_version": "24.08+dfsg-1" } ] }
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "7zip", "binary_version": "23.01+dfsg-11ubuntu0.1~esm1" }, { "binary_name": "7zip-dbgsym", "binary_version": "23.01+dfsg-11ubuntu0.1~esm1" }, { "binary_name": "7zip-standalone", "binary_version": "23.01+dfsg-11ubuntu0.1~esm1" }, { "binary_name": "7zip-standalone-dbgsym", "binary_version": "23.01+dfsg-11ubuntu0.1~esm1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "7zip", "binary_version": "24.09+dfsg-7" }, { "binary_name": "7zip-dbgsym", "binary_version": "24.09+dfsg-7" }, { "binary_name": "7zip-standalone", "binary_version": "24.09+dfsg-7" }, { "binary_name": "7zip-standalone-dbgsym", "binary_version": "24.09+dfsg-7" } ] }