Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2335

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

Related bugs and status

CVE-2016-2335 (Candidate) is related to these bugs:

Bug #1581381: 7z code execution vulnerabilites

Summary				In	Importance	Status
	1581381	7z code execution vulnerabilites		p7zip (Ubuntu)	Medium	Fix Released
	1581381	7z code execution vulnerabilites		p7zip (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.talosintel....
SUSE: openSUSE-SU-2016:1464
DEBIAN: DSA-3599
CONFIRM: http://www.oracle.com/...
SUSE: openSUSE-SU-2016:1850
BID: 90531
SUSE: openSUSE-SU-2016:1675
MISC: http://blog.talosintel...
FEDORA: FEDORA-2016-430bc0f808
FEDORA: FEDORA-2016-bbcb0e4eb4
SECTRACK: 1035876
GENTOO: GLSA-201701-27
UBUNTU: USN-3913-1