Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

Related bugs and status

CVE-2016-2334 (Candidate) is related to these bugs:

Bug #1581381: 7z code execution vulnerabilites

Summary				In	Importance	Status
	1581381	7z code execution vulnerabilites		p7zip (Ubuntu)	Medium	Fix Released
	1581381	7z code execution vulnerabilites		p7zip (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.talosintel...
MISC: http://www.talosintel....
CONFIRM: http://www.oracle.com/...
FEDORA: FEDORA-2016-430bc0f808
FEDORA: FEDORA-2016-bbcb0e4eb4
BID: 90531
SECTRACK: 1035876
GENTOO: GLSA-201701-27
MISC: http://blog.talosintel...