CVE-2017-17969 (retired)

Priority
Description
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal
method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a
denial of service (out-of-bounds write) or potentially execute arbitrary
code via a crafted ZIP archive.
Package
Source: p7zip (LP Ubuntu Debian)
Upstream:released (9.20.1~dfsg.1-4.1+deb8u3, 16.02+dfsg-3+deb9u1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (9.20.1~dfsg.1-4+deb7u3build0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (9.20.1~dfsg.1-4.2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (16.02+dfsg-6)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (16.02+dfsg-6)
Ubuntu 19.04 (Disco Dingo):not-affected (16.02+dfsg-6)
More Information

Updated: 2019-03-26 12:25:26 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)