CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
7-zip7-zip
𝑥
≤ 15.14
oraclesolaris
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
p7zip
bookworm
16.02+dfsg-8
fixed
bullseye
16.02+dfsg-8
fixed
jessie
not-affected
sid
16.02+transitional.1
fixed
trixie
16.02+transitional.1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
p7zip
artful
ignored
bionic
not-affected
precise
ignored
trusty
not-affected
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
p7zip
suse enterprise desktop 15 SP5
16.02-150200.14.9.2
fixed
suse enterprise desktop 15 SP6
16.02-150200.14.9.2
fixed
suse enterprise desktop 15 SP7
16.02-150200.14.12.1
fixed
suse enterprise sap 15 SP5
16.02-150200.14.9.2
fixed
suse enterprise sap 15 SP6
16.02-150200.14.9.2
fixed
suse enterprise sap 15 SP7
16.02-150200.14.12.1
fixed
suse enterprise server 15 SP5
16.02-150200.14.9.2
fixed
suse enterprise server 15 SP6
16.02-150200.14.9.2
fixed
suse enterprise server 15 SP7
16.02-150200.14.12.1
fixed
p7zip-full
suse enterprise desktop 15 SP5
16.02-150200.14.9.2
fixed
suse enterprise desktop 15 SP6
16.02-150200.14.9.2
fixed
suse enterprise desktop 15 SP7
16.02-150200.14.12.1
fixed
suse enterprise sap 15 SP5
16.02-150200.14.9.2
fixed
suse enterprise sap 15 SP6
16.02-150200.14.9.2
fixed
suse enterprise sap 15 SP7
16.02-150200.14.12.1
fixed
suse enterprise server 15 SP5
16.02-150200.14.9.2
fixed
suse enterprise server 15 SP6
16.02-150200.14.9.2
fixed
suse enterprise server 15 SP7
16.02-150200.14.12.1
fixed
Common Weakness Enumeration
References
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.securityfocus.com/bid/90531
http://www.securitytracker.com/id/1035876
http://www.talosintel.com/reports/TALOS-2016-0093/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/
https://security.gentoo.org/glsa/201701-27
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.securityfocus.com/bid/90531
http://www.securitytracker.com/id/1035876
http://www.talosintel.com/reports/TALOS-2016-0093/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/
https://security.gentoo.org/glsa/201701-27