CVE-2016-9296
Summary
| CVE | CVE-2016-9296 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-11-12 02:59:00 UTC |
| Updated | 2016-11-29 18:03:00 UTC |
| Description | A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files. |
Risk And Classification
Problem Types: CWE-476
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| p7zip Null Pointer Dereference CVE-2016-9296 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| p7zip / Bugs / #185 null pointer access / segfault in NArchive::N7z::CInArchive::ReadAndDecodePackedStreams | MISC | sourceforge.net | Issue Tracking, Third Party Advisory |
| GitHub - yangke/7zip-null-pointer-dereference: This repository is for CVE bug report of p7zip only | MISC | github.com | Issue Tracking, Patch, Third Party Advisory |
| p7zip / Discussion / Open Discussion:A Null Pointer Dereference Bug of p7zip(including the latest p7zip_16.02) | MISC | sourceforge.net | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 500506 Alpine Linux Security Update for p7zip
- 504265 Alpine Linux Security Update for p7zip
- 900090 CBL-Mariner Linux Security Update for p7zip 16.02
- 901055 Common Base Linux Mariner (CBL-Mariner) Security Update for p7zip (6782-1)
- 903063 Common Base Linux Mariner (CBL-Mariner) Security Update for p7zip (4254)