Vulnerabilities > 7 ZIP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-10115 | Use of Uninitialized Resource vulnerability in 7-Zip Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 6.8 |
| 2018-01-31 | CVE-2018-5996 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 6.8 |
| 2018-01-30 | CVE-2017-17969 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | 6.8 |
| 2017-05-22 | CVE-2016-7804 | Untrusted Search Path vulnerability in 7-Zip Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
| 2016-11-12 | CVE-2016-9296 | NULL Pointer Dereference vulnerability in 7-Zip P7Zip 16.02 A null pointer dereference bug affects the 16.02 and many old versions of p7zip. | 5.0 |
| 2015-01-21 | CVE-2015-1038 | Link Following vulnerability in multiple products p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | 5.8 |