Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie

Type deb

Namespace debian

Name p7zip

Version 16.02+transitional.1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6qgu-7h5h-1bed

vulnerability_id VCID-6qgu-7h5h-1bed

summary 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53817

reference_id

reference_type

scores

value	0.00103
scoring_system	epss
scoring_elements	0.28193
published_at	2026-04-21T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.2824
published_at	2026-04-18T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28305
published_at	2026-04-12T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28258
published_at	2026-04-16T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28247
published_at	2026-04-13T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31495
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3146
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31549
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31591
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31406
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3149
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53817

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53817
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53817

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.openwall.com/lists/oss-security/2025/07/18/2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T20:25:46Z/

url

https://www.openwall.com/lists/oss-security/2025/07/18/2

reference_url

https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/

reference_id

GHSL-2025-059_7-Zip

reference_type

scores

value	5.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T20:25:46Z/

url

https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2025-53817

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qgu-7h5h-1bed

url VCID-6xnz-5ctc-fkbk

vulnerability_id VCID-6xnz-5ctc-fkbk

summary 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18589.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40481

reference_id

reference_type

scores

value	0.0431
scoring_system	epss
scoring_elements	0.88899
published_at	2026-04-21T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88845
published_at	2026-04-02T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88885
published_at	2026-04-09T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88897
published_at	2026-04-11T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88891
published_at	2026-04-13T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88904
published_at	2026-04-16T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88903
published_at	2026-04-18T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.8886
published_at	2026-04-04T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.88862
published_at	2026-04-07T12:55:00Z

value	0.0431
scoring_system	epss
scoring_elements	0.8888
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40481

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40481
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40481

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/

reference_id

713c8a8269

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T19:54:59Z/

url

https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-23-1164/

reference_id

ZDI-23-1164

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T19:54:59Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-23-1164/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2023-40481

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-5ctc-fkbk

url VCID-8q1b-v4dz-ukd7

vulnerability_id VCID-8q1b-v4dz-ukd7

summary

Multiple vulnerabilities have been found in 7-Zip, the worst of
    which may allow execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2334

reference_id

reference_type

scores

value	0.16299
scoring_system	epss
scoring_elements	0.94848
published_at	2026-04-21T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94797
published_at	2026-04-01T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94807
published_at	2026-04-02T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.9481
published_at	2026-04-04T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94812
published_at	2026-04-07T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94822
published_at	2026-04-08T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94826
published_at	2026-04-09T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.9483
published_at	2026-04-11T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94833
published_at	2026-04-12T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94834
published_at	2026-04-13T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94841
published_at	2026-04-16T12:55:00Z

value	0.16299
scoring_system	epss
scoring_elements	0.94844
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2334

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2334
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2334

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824160
reference_id	824160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824160

reference_url	https://security.gentoo.org/glsa/201701-27
reference_id	GLSA-201701-27
reference_type
scores
url	https://security.gentoo.org/glsa/201701-27

fixed_packages

url	pkg:deb/debian/p7zip@15.14.1%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/p7zip@15.14.1%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@15.14.1%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2016-2334

risk_score 1.2

exploitability 0.5

weighted_severity 2.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8q1b-v4dz-ukd7

url VCID-bzcx-rxg3-aygs

vulnerability_id VCID-bzcx-rxg3-aygs

summary

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11477

reference_id

reference_type

scores

value	0.38072
scoring_system	epss
scoring_elements	0.97213
published_at	2026-04-09T12:55:00Z

value	0.38072
scoring_system	epss
scoring_elements	0.97217
published_at	2026-04-12T12:55:00Z

value	0.38072
scoring_system	epss
scoring_elements	0.97216
published_at	2026-04-11T12:55:00Z

value	0.38072
scoring_system	epss
scoring_elements	0.97195
published_at	2026-04-02T12:55:00Z

value	0.38072
scoring_system	epss
scoring_elements	0.97201
published_at	2026-04-04T12:55:00Z

value	0.38072
scoring_system	epss
scoring_elements	0.97202
published_at	2026-04-07T12:55:00Z

value	0.38072
scoring_system	epss
scoring_elements	0.97211
published_at	2026-04-08T12:55:00Z

value	0.43636
scoring_system	epss
scoring_elements	0.97532
published_at	2026-04-21T12:55:00Z

value	0.43636
scoring_system	epss
scoring_elements	0.97521
published_at	2026-04-13T12:55:00Z

value	0.43636
scoring_system	epss
scoring_elements	0.97529
published_at	2026-04-16T12:55:00Z

value	0.43636
scoring_system	epss
scoring_elements	0.9753
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11477

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-24-1532/

reference_id

ZDI-24-1532

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-30T04:55:53Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-24-1532/

fixed_packages

url	pkg:deb/debian/p7zip@0?distro=trixie
purl	pkg:deb/debian/p7zip@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@0%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2024-11477

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzcx-rxg3-aygs

url VCID-f41j-n5ph-gkb9

vulnerability_id VCID-f41j-n5ph-gkb9

summary Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).

references

reference_url	http://osvdb.org/43649
reference_id
reference_type
scores
url	http://osvdb.org/43649

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-6536

reference_id

reference_type

scores

value	0.02261
scoring_system	epss
scoring_elements	0.84643
published_at	2026-04-21T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84542
published_at	2026-04-01T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84558
published_at	2026-04-02T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.8458
published_at	2026-04-04T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84583
published_at	2026-04-07T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84605
published_at	2026-04-08T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84611
published_at	2026-04-09T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.8463
published_at	2026-04-11T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84625
published_at	2026-04-12T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.8462
published_at	2026-04-13T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84641
published_at	2026-04-16T12:55:00Z

value	0.02261
scoring_system	epss
scoring_elements	0.84642
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-6536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6536

reference_url	http://secunia.com/advisories/29434
reference_id
reference_type
scores
url	http://secunia.com/advisories/29434

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/41247
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/41247

reference_url	http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
reference_id
reference_type
scores
url	http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

reference_url	http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
reference_id
reference_type
scores
url	http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

reference_url	http://www.securityfocus.com/bid/28285
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/28285

reference_url	http://www.vupen.com/english/advisories/2008/0914/references
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/0914/references

reference_url	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
reference_id
reference_type
scores
url	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:3.13:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.20:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:4.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.23:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:4.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.24:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.24:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.24:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.25:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.25:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.25:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.26:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.26:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.26:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.27:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.27:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.27:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.28:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.28:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.28:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.29:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.29:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.29:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.30:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.30:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.30:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.31:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:4.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.32:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:4.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.33:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.33:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.33:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.34:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.34:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.34:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.35:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.35:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.35:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.36:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.36:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.36:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.37:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.37:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.37:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.38:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.38:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.38:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.39:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.39:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.39:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.40:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.40:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.40:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.41:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.41:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.41:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.42:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:4.42:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.42:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.43:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.43:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.43:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.44:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.44:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.44:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.45:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.45:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.45:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.46:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.46:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.46:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.47:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.47:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.47:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.48:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.48:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.48:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.49:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.49:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.49:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.50:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.50:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.50:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.51:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.51:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.51:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.52:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.52:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.52:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.53:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.53:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.53:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.54:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.54:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.54:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.55:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:4.55:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:4.55:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip::beta::::::*
reference_id	cpe:2.3:a:7-zip:7-zip::beta::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip::beta::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-6536

reference_id

CVE-2008-6536

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2008-6536

fixed_packages

url	pkg:deb/debian/p7zip@4.57~dfsg.1-1?distro=trixie
purl	pkg:deb/debian/p7zip@4.57~dfsg.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@4.57~dfsg.1-1%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2008-6536

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f41j-n5ph-gkb9

url VCID-h4pw-pga4-77ex

vulnerability_id VCID-h4pw-pga4-77ex

summary

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0411

reference_id

reference_type

scores

value	0.52406
scoring_system	epss
scoring_elements	0.97939
published_at	2026-04-18T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97913
published_at	2026-04-02T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.9793
published_at	2026-04-12T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97932
published_at	2026-04-13T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97938
published_at	2026-04-21T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97915
published_at	2026-04-04T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97918
published_at	2026-04-07T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97923
published_at	2026-04-08T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97926
published_at	2026-04-09T12:55:00Z

value	0.52406
scoring_system	epss
scoring_elements	0.97929
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0411

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-25-045/

reference_id

ZDI-25-045

reference_type

scores

value	7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T04:55:28Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-25-045/

fixed_packages

url	pkg:deb/debian/p7zip@0?distro=trixie
purl	pkg:deb/debian/p7zip@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@0%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2025-0411

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4pw-pga4-77ex

url VCID-hgkj-wq8u-q3eh

vulnerability_id VCID-hgkj-wq8u-q3eh

summary The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-52168

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22646
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2263
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22594
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22643
published_at	2026-04-18T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31571
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31528
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31388
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31441
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31472
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31476
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31433
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-52168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52168

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.openwall.com/lists/oss-security/2024/07/03/10

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-11T19:17:52Z/

url

https://www.openwall.com/lists/oss-security/2024/07/03/10

reference_url

http://www.openwall.com/lists/oss-security/2024/07/03/10

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-11T19:17:52Z/

url

http://www.openwall.com/lists/oss-security/2024/07/03/10

reference_url

https://sourceforge.net/p/sevenzip/bugs/2402/

reference_id

2402

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-11T19:17:52Z/

url

https://sourceforge.net/p/sevenzip/bugs/2402/

reference_url	https://usn.ubuntu.com/7438-1/
reference_id	USN-7438-1
reference_type
scores
url	https://usn.ubuntu.com/7438-1/

reference_url

https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

reference_id

vulnerabilities-in-7-zip-and-ntfs3

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-11T19:17:52Z/

url

https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2023-52168

risk_score 3.8

exploitability 0.5

weighted_severity 7.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgkj-wq8u-q3eh

url VCID-j4uh-y3j4-5kdw

vulnerability_id VCID-j4uh-y3j4-5kdw

summary A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9296

reference_id

reference_type

scores

value	0.01653
scoring_system	epss
scoring_elements	0.81962
published_at	2026-04-01T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.81973
published_at	2026-04-02T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.81996
published_at	2026-04-04T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.81992
published_at	2026-04-07T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82019
published_at	2026-04-08T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82027
published_at	2026-04-09T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82046
published_at	2026-04-11T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82036
published_at	2026-04-12T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82029
published_at	2026-04-13T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82064
published_at	2026-04-16T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82065
published_at	2026-04-18T12:55:00Z

value	0.01653
scoring_system	epss
scoring_elements	0.82066
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844344
reference_id	844344
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844344

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2016-9296

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j4uh-y3j4-5kdw

url VCID-j6h3-hn7t-4ugj

vulnerability_id VCID-j6h3-hn7t-4ugj

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17969.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17969

reference_id

reference_type

scores

value	0.02528
scoring_system	epss
scoring_elements	0.85359
published_at	2026-04-01T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85371
published_at	2026-04-02T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85391
published_at	2026-04-04T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85393
published_at	2026-04-07T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85415
published_at	2026-04-08T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85424
published_at	2026-04-09T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85438
published_at	2026-04-11T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85436
published_at	2026-04-12T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85433
published_at	2026-04-13T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85457
published_at	2026-04-16T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85461
published_at	2026-04-18T12:55:00Z

value	0.02528
scoring_system	epss
scoring_elements	0.85458
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1538457
reference_id	1538457
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1538457

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888297
reference_id	888297
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888297

reference_url	https://usn.ubuntu.com/3913-1/
reference_id	USN-3913-1
reference_type
scores
url	https://usn.ubuntu.com/3913-1/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Bdfsg-5?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Bdfsg-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-5%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2017-17969

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6h3-hn7t-4ugj

url VCID-mjeh-zkd6-1kaj

vulnerability_id VCID-mjeh-zkd6-1kaj

summary p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47069

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11487
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11568
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11365
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11364
published_at	2026-04-18T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11622
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11413
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11498
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11557
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11567
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11533
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11506
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47069

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://sourceforge.net/p/p7zip/bugs/241/

reference_id

241

reference_type

scores

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:10:55Z/

url

https://sourceforge.net/p/p7zip/bugs/241/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2022-47069

risk_score 0.8

exploitability 0.5

weighted_severity 1.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mjeh-zkd6-1kaj

url VCID-ne48-dtxr-2ybq

vulnerability_id VCID-ne48-dtxr-2ybq

summary 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11002

reference_id

reference_type

scores

value	0.00127
scoring_system	epss
scoring_elements	0.32045
published_at	2026-04-21T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32183
published_at	2026-04-02T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32061
published_at	2026-04-13T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32095
published_at	2026-04-16T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32072
published_at	2026-04-18T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32221
published_at	2026-04-04T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32046
published_at	2026-04-07T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32097
published_at	2026-04-08T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32126
published_at	2026-04-09T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.3213
published_at	2026-04-11T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32092
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11002

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11002
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11002

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-25-950/

reference_id

ZDI-25-950

reference_type

scores

value	7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:26Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-25-950/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2025-11002

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ne48-dtxr-2ybq

url VCID-pgke-8ce4-uybu

vulnerability_id VCID-pgke-8ce4-uybu

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11001

reference_id

reference_type

scores

value	0.00216
scoring_system	epss
scoring_elements	0.4419
published_at	2026-04-04T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44167
published_at	2026-04-02T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44174
published_at	2026-04-08T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44123
published_at	2026-04-07T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46015
published_at	2026-04-18T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45959
published_at	2026-04-21T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45966
published_at	2026-04-13T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46019
published_at	2026-04-16T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45963
published_at	2026-04-09T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.45987
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11001

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52501.py
reference_id	CVE-2025-11001
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52501.py

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-25-949/

reference_id

ZDI-25-949

reference_type

scores

value	7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-21T05:02:06Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-25-949/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2025-11001

risk_score 8.4

exploitability 2.0

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgke-8ce4-uybu

url VCID-pj98-u4mm-r7cw

vulnerability_id VCID-pj98-u4mm-r7cw

summary 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47111

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.23948
published_at	2026-04-21T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24115
published_at	2026-04-02T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23966
published_at	2026-04-13T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23976
published_at	2026-04-16T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23964
published_at	2026-04-18T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24153
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23934
published_at	2026-04-07T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24001
published_at	2026-04-08T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24047
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24064
published_at	2026-04-11T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24022
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47111
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47111

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/boofish/semantic-bugs/

reference_id

semantic-bugs

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T15:10:57Z/

url

https://github.com/boofish/semantic-bugs/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2022-47111

risk_score 1.1

exploitability 0.5

weighted_severity 2.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj98-u4mm-r7cw

url VCID-q99c-7ggg-wyep

vulnerability_id VCID-q99c-7ggg-wyep

summary Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31102

reference_id

reference_type

scores

value	0.38378
scoring_system	epss
scoring_elements	0.97219
published_at	2026-04-07T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97213
published_at	2026-04-02T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97248
published_at	2026-04-21T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97245
published_at	2026-04-18T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97243
published_at	2026-04-16T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97235
published_at	2026-04-13T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97234
published_at	2026-04-12T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97233
published_at	2026-04-11T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.9723
published_at	2026-04-09T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97229
published_at	2026-04-08T12:55:00Z

value	0.38378
scoring_system	epss
scoring_elements	0.97218
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31102

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31102
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31102

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/

reference_id

713c8a8269

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T13:42:37Z/

url

https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/

reference_url

https://www.7-zip.org/download.html

reference_id

download.html

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T13:42:37Z/

url

https://www.7-zip.org/download.html

reference_url

https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/

reference_id

integer-overflow-in-7-zip-cve-2023-31102

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T13:42:37Z/

url

https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/

reference_url

https://security.netapp.com/advisory/ntap-20231110-0007/

reference_id

ntap-20231110-0007

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T13:42:37Z/

url

https://security.netapp.com/advisory/ntap-20231110-0007/

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-23-1165/

reference_id

ZDI-23-1165

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T13:42:37Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-23-1165/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2023-31102

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q99c-7ggg-wyep

url VCID-rnzv-mnjr-rfby

vulnerability_id VCID-rnzv-mnjr-rfby

summary 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11612

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38308
published_at	2026-04-21T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38344
published_at	2026-04-13T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38391
published_at	2026-04-16T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38371
published_at	2026-04-18T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38442
published_at	2026-04-02T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38466
published_at	2026-04-04T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38331
published_at	2026-04-07T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38381
published_at	2026-04-08T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38389
published_at	2026-04-09T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38406
published_at	2026-04-11T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38368
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11612

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-24-1606/

reference_id

ZDI-24-1606

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T15:12:13Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-24-1606/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2024-11612

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnzv-mnjr-rfby

url VCID-uebs-8u4d-3bd1

vulnerability_id VCID-uebs-8u4d-3bd1

summary The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-52169

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.39106
published_at	2026-04-16T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.3905
published_at	2026-04-13T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38989
published_at	2026-04-21T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.39076
published_at	2026-04-18T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52063
published_at	2026-04-04T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52037
published_at	2026-04-02T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52028
published_at	2026-04-07T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52083
published_at	2026-04-08T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52079
published_at	2026-04-09T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52131
published_at	2026-04-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52114
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-52169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52169

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.openwall.com/lists/oss-security/2024/07/03/10

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:47:13Z/

url

https://www.openwall.com/lists/oss-security/2024/07/03/10

reference_url

http://www.openwall.com/lists/oss-security/2024/07/03/10

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:47:13Z/

url

http://www.openwall.com/lists/oss-security/2024/07/03/10

reference_url

https://sourceforge.net/p/sevenzip/bugs/2402/

reference_id

2402

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:47:13Z/

url

https://sourceforge.net/p/sevenzip/bugs/2402/

reference_url	https://usn.ubuntu.com/7438-1/
reference_id	USN-7438-1
reference_type
scores
url	https://usn.ubuntu.com/7438-1/

reference_url

https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

reference_id

vulnerabilities-in-7-zip-and-ntfs3

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:47:13Z/

url

https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2023-52169

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uebs-8u4d-3bd1

url VCID-xnza-jsw8-pbcy

vulnerability_id VCID-xnza-jsw8-pbcy

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1038

reference_id

reference_type

scores

value	0.03183
scoring_system	epss
scoring_elements	0.86918
published_at	2026-04-01T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86929
published_at	2026-04-02T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86948
published_at	2026-04-04T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86941
published_at	2026-04-07T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86961
published_at	2026-04-08T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86969
published_at	2026-04-09T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86982
published_at	2026-04-11T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86977
published_at	2026-04-12T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86972
published_at	2026-04-13T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86987
published_at	2026-04-16T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86991
published_at	2026-04-18T12:55:00Z

value	0.03183
scoring_system	epss
scoring_elements	0.86989
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1038

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
reference_id	774660
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660

fixed_packages

url	pkg:deb/debian/p7zip@9.20.1~dfsg.1-4.2?distro=trixie
purl	pkg:deb/debian/p7zip@9.20.1~dfsg.1-4.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@9.20.1~dfsg.1-4.2%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2015-1038

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnza-jsw8-pbcy

url VCID-xrbx-dps5-ekfe

vulnerability_id VCID-xrbx-dps5-ekfe

summary 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47112

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.23948
published_at	2026-04-21T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24115
published_at	2026-04-02T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23966
published_at	2026-04-13T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23976
published_at	2026-04-16T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23964
published_at	2026-04-18T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24153
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.23934
published_at	2026-04-07T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24001
published_at	2026-04-08T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24047
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24064
published_at	2026-04-11T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24022
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47112

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/boofish/semantic-bugs/

reference_id

semantic-bugs

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T15:10:01Z/

url

https://github.com/boofish/semantic-bugs/

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2022-47112

risk_score 1.1

exploitability 0.5

weighted_severity 2.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrbx-dps5-ekfe

url VCID-ymuu-t8yt-4kbk

vulnerability_id VCID-ymuu-t8yt-4kbk

summary 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55188

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10599
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10529
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1063
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10601
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10535
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10461
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10597
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11643
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11519
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11516
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1166
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55188

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55188
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55188

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.openwall.com/lists/oss-security/2025/08/09/1

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://www.openwall.com/lists/oss-security/2025/08/09/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111068
reference_id	1111068
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111068

reference_url

https://github.com/ip7z/7zip/compare/25.00...25.01

reference_id

25.00...25.01

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://github.com/ip7z/7zip/compare/25.00...25.01

reference_url

https://github.com/ip7z/7zip/releases/tag/25.01

reference_id

25.01

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://github.com/ip7z/7zip/releases/tag/25.01

reference_url

https://lunbun.dev/blog/cve-2025-55188/

reference_id

cve-2025-55188

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://lunbun.dev/blog/cve-2025-55188/

reference_url

https://github.com/lunbun/CVE-2025-55188/

reference_id

CVE-2025-55188

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://github.com/lunbun/CVE-2025-55188/

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-55188-detect-7-zip-vulnerable-version

reference_id

cve-2025-55188-detect-7-zip-vulnerable-version

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://www.vicarius.io/vsociety/posts/cve-2025-55188-detect-7-zip-vulnerable-version

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-55188-mitigate-7-zip-vulnerability

reference_id

cve-2025-55188-mitigate-7-zip-vulnerability

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://www.vicarius.io/vsociety/posts/cve-2025-55188-mitigate-7-zip-vulnerability

reference_url

https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/

reference_id

da14cd780b

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/

reference_url

https://youtu.be/sWT6M1cfnwM

reference_id

sWT6M1cfnwM

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:21:33Z/

url

https://youtu.be/sWT6M1cfnwM

fixed_packages

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2025-55188

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymuu-t8yt-4kbk

url VCID-yx2s-gkz7-nyb2

vulnerability_id VCID-yx2s-gkz7-nyb2

summary

Multiple vulnerabilities have been found in 7-Zip, the worst of
    which may allow execution of arbitrary code.

references

reference_url	http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
reference_id
reference_type
scores
url	http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-06/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-06/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-06/msg00098.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-06/msg00098.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2335

reference_id

reference_type

scores

value	0.02052
scoring_system	epss
scoring_elements	0.83907
published_at	2026-04-21T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83878
published_at	2026-04-12T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83874
published_at	2026-04-13T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83808
published_at	2026-04-01T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83821
published_at	2026-04-02T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83836
published_at	2026-04-04T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83838
published_at	2026-04-07T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83861
published_at	2026-04-08T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83867
published_at	2026-04-09T12:55:00Z

value	0.02052
scoring_system	epss
scoring_elements	0.83884
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2335

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/

reference_url	http://www.debian.org/security/2016/dsa-3599
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3599

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

reference_url	http://www.securityfocus.com/bid/90531
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90531

reference_url	http://www.securitytracker.com/id/1035876
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035876

reference_url	http://www.talosintel.com/reports/TALOS-2016-0094/
reference_id
reference_type
scores
url	http://www.talosintel.com/reports/TALOS-2016-0094/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824160
reference_id	824160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824160

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:15.05:beta::::::
reference_id	cpe:2.3:a:7-zip:7-zip:15.05:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:15.05:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:9.20:::::::*
reference_id	cpe:2.3:a:7-zip:7-zip:9.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:7-zip:7-zip:9.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2335

reference_id

CVE-2016-2335

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2335

reference_url	https://security.gentoo.org/glsa/201701-27
reference_id	GLSA-201701-27
reference_type
scores
url	https://security.gentoo.org/glsa/201701-27

reference_url	https://usn.ubuntu.com/3913-1/
reference_id	USN-3913-1
reference_type
scores
url	https://usn.ubuntu.com/3913-1/

fixed_packages

url	pkg:deb/debian/p7zip@15.14.1%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/p7zip@15.14.1%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@15.14.1%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

purl pkg:deb/debian/p7zip@16.02%2Bdfsg-8?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qgu-7h5h-1bed

vulnerability	VCID-6xnz-5ctc-fkbk

vulnerability	VCID-hgkj-wq8u-q3eh

vulnerability	VCID-mjeh-zkd6-1kaj

vulnerability	VCID-ne48-dtxr-2ybq

vulnerability	VCID-pgke-8ce4-uybu

vulnerability	VCID-pj98-u4mm-r7cw

vulnerability	VCID-q99c-7ggg-wyep

vulnerability	VCID-rnzv-mnjr-rfby

vulnerability	VCID-uebs-8u4d-3bd1

vulnerability	VCID-xrbx-dps5-ekfe

vulnerability	VCID-ymuu-t8yt-4kbk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Bdfsg-8%3Fdistro=trixie

url	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
purl	pkg:deb/debian/p7zip@16.02%2Btransitional.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

aliases CVE-2016-2335

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yx2s-gkz7-nyb2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/p7zip@16.02%252Btransitional.1%3Fdistro=trixie

Package Instance