VulnerableCode Package Details - pkg:deb/debian/7zip@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bzcx-rxg3-aygs	7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.	CVE-2024-11477
VCID-h4pw-pga4-77ex	7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.	CVE-2025-0411

Vulnerability

Summary

Aliases

VCID-bzcx-rxg3-aygs

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.

CVE-2024-11477

VCID-h4pw-pga4-77ex

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

CVE-2025-0411

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:29:20.776388+00:00	Debian Importer	Fixing	VCID-bzcx-rxg3-aygs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:43:10.096474+00:00	Debian Importer	Fixing	VCID-h4pw-pga4-77ex	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:04:46.025226+00:00	Debian Importer	Fixing	VCID-bzcx-rxg3-aygs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:51:29.944707+00:00	Debian Importer	Fixing	VCID-h4pw-pga4-77ex	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:10:24.823257+00:00	Debian Importer	Fixing	VCID-bzcx-rxg3-aygs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:02:27.492486+00:00	Debian Importer	Fixing	VCID-h4pw-pga4-77ex	https://security-tracker.debian.org/tracker/data/json	38.1.0