CVE-2016-2335 (retired)

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20
and 15.05 beta and p7zip allows remote attackers to cause a denial of
service (out-of-bounds read) or execute arbitrary code via the PartitionRef
field in the Long Allocation Descriptor in a UDF file.
Source: p7zip (LP Ubuntu Debian)
Upstream:released (15.14.1+dfsg-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [9.20.1~dfsg.1-4+deb7u2build0.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):released (9.20.1~dfsg.1-4+deb7u2build0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (9.20.1~dfsg.1-4.2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (15.14.1+dfsg-2)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (15.14.1+dfsg-2)
Ubuntu 19.04 (Disco Dingo):not-affected (15.14.1+dfsg-2)
More Information

Updated: 2019-03-26 12:19:20 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)