Context Navigation

← Previous Ticket
Next Ticket →

#56425 closed defect (fixed)

p7zip: CVE-2018-10115: Arbitrary code execution via crafted RAR archives

Reported by:	raimue (Rainer Müller)	Owned by:	l2dy (Zero King)
Priority:	Normal	Milestone:
Component:	ports	Version:
Keywords:	security	Cc:
Port:	p7zip

Description

A vulnerability was found in the code handling RAR archives in 7zip that allows to execute arbitrary code. This is likely also exploitable in p7zip @16.02. The bug has been fixed in the Windows variant of 7-Zip in version 18.05, but there was no new release for the p7zip code. No patches for p7zip are available as of this writing.

https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10115

Change History (1)

comment:1 Changed 6 years ago by l2dy (Zero King)

Owner:	set to l2dy
Resolution:	→ fixed
Status:	new → closed

In 67909febf1dafeaaea1196ea6f0803507f00c2fb/macports-ports (master):

p7zip: Fix CVE-2018-10115

Fixes: #56425

Note: See TracTickets for help on using tickets.

Download in other formats:

Comma-delimited Text
Tab-delimited Text
RSS Feed