CVE-2017-17969

Priority
Description
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal
method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a
denial of service (out-of-bounds write) or potentially execute arbitrary
code via a crafted ZIP archive.
Notes
Package
Source: p7zip (LP Ubuntu Debian)
Upstream:released (9.20.1~dfsg.1-4.1+deb8u3, 16.02+dfsg-3+deb9u1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (9.20.1~dfsg.1-4+deb7u3build0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (9.20.1~dfsg.1-4.2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (16.02+dfsg-6)
More Information

Updated: 2020-07-28 20:01:00 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)