
Serious vulnerabilities fixed in the popular 7-Zip archiver

Igor Pavlov, the author of the well-known 7-Zip archiver, has announced the release of a new version, v16. We strongly recommend that all users upgrade to this version, as it fixes several serious vulnerabilities discovered earlier by the Cisco Talos team. The vulnerabilities allow attackers to remotely execute code on a user's system by sending a specially crafted file intended to be opened with 7-Zip. When such a file is opened on the user's system, the malicious code is executed.



Both vulnerabilities stem from incorrect memory handling in the 7-Zip code. One, CVE-2016-2335, is an out-of-bounds read (reading past the end of a buffer) that occurs when processing Universal Disk Format (UDF) files; the other, CVE-2016-2334, is a buffer overflow (memory corruption outside the buffer) that occurs when processing HFS+ files.
Download the current version of 7-Zip at this link.

Source: https://habr.com/ru/post/300890/

