CVE-2017-17969

Published: 30 January 2018

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
p7zip
Launchpad, Ubuntu, Debian
Upstream
Released (9.20.1~dfsg.1-4.1+deb8u3, 16.02+dfsg-3+deb9u1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(16.02+dfsg-6)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (9.20.1~dfsg.1-4.2ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (9.20.1~dfsg.1-4+deb7u3build0.14.04.1)