VulnerableCode Package Details - pkg:deb/debian/7zip@25.00%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6qgu-7h5h-1bed	7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.	CVE-2025-53817
VCID-ne48-dtxr-2ybq	7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.	CVE-2025-11002
VCID-pgke-8ce4-uybu	7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.	CVE-2025-11001

Vulnerability

Summary

Aliases

VCID-6qgu-7h5h-1bed

7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.

CVE-2025-53817

VCID-ne48-dtxr-2ybq

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.

CVE-2025-11002

VCID-pgke-8ce4-uybu

CVE-2025-11001

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-20T16:38:33.563597+00:00	Debian Importer	Fixing	VCID-6qgu-7h5h-1bed	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-20T16:38:33.517208+00:00	Debian Importer	Fixing	VCID-ne48-dtxr-2ybq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-20T16:38:33.468452+00:00	Debian Importer	Fixing	VCID-pgke-8ce4-uybu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-03T07:19:28.658550+00:00	Debian Importer	Fixing	VCID-6qgu-7h5h-1bed	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:19:28.619450+00:00	Debian Importer	Fixing	VCID-ne48-dtxr-2ybq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:19:28.581091+00:00	Debian Importer	Fixing	VCID-pgke-8ce4-uybu	https://security-tracker.debian.org/tracker/data/json	38.1.0