VDB

DEBIAN-CVE-2023-52168

DEBIAN-CVE-2023-52168 PUBLISHED CVSS 8.4 HIGH

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

Risk Scores

CVSS 3.1
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor      Product   Versions
Debian:11   p7zip     16.02+dfsg-8, 16.02+transitional.1, 16.02+transitional.1
Debian:14   7zip      0, 0, 0
Debian:12   7zip      0, 22.01+dfsg-8, 0
Debian:12   p7zip     16.02+transitional.1, 16.02+dfsg-8, 16.02+transitional.1
Debian:13   p7zip     0, 0, 0
Debian:13   7zip      0, 0, 0

Timeline

  • Jul 3, 2024 CVE Published
  • May 16, 2026 CVE Updated