• Total Posts: 28034
  • Total Topics: 8051
  • Online Today: 772
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: 7-Zip under attack !!!  (Read 478 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7151
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
7-Zip under attack !!!
« on: 14. May 2016., 19:07:12 »

Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library.

The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco's Talos security team. They were fixed in 7-Zip 16.00, released Tuesday.

The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files.

Previous research has shown that most developers do a poor job of keeping track of vulnerabilities in the third-party code they use and that they rarely update the libraries included in their projects.

"7-Zip is supported on all major platforms, and is one of the most popular archive utilities in-use today," the Cisco Talos researchers said in a blog post. "Users may be surprised to discover just how many products and appliances are affected":

A search on Google reveals that 7-Zip is used in many software projects, including in security devices and antivirus products. Many custom enterprise applications also likely use it:

The out-of-bounds read vulnerability, tracked as CVE-2016-2335, stems from 7-Zip's handling of Universal Disk Format (UDF) files, while the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files.

To exploit the flaws, attackers can craft specially crafted files in those formats and deliver them in a way that would cause the vulnerable 7-Zip code to process them.


Samker's Computer Forum -

7-Zip under attack !!!
« on: 14. May 2016., 19:07:12 »


  • SCF Advanced Member
  • ***
  • Posts: 329
  • KARMA: 41
  • Gender: Male
Re: 7-Zip under attack !!!
« Reply #1 on: 16. May 2016., 12:50:47 »
Where this world is going. Anywhere no longer can trusts!  :-\
So sad but still true.
I'm old man but still alive as well :)


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising