Source: 7zip Version: 24.09+dfsg-8 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for 7zip. CVE-2025-53816[0]: | 7-Zip is a file archiver with a high compression ratio. Zeroes | written outside heap buffer in RAR5 handler may lead to memory | corruption and denial of service in versions of 7-Zip prior to | 25.0.0. Version 25.0.0 contains a fix for the issue. CVE-2025-53817[1]: | 7-Zip is a file archiver with a high compression ratio. 7-Zip | supports extracting from Compound Documents. Prior to version | 25.0.0, a null pointer dereference in the Compound handler may lead | to denial of service. Version 25.0.0 contains a fix cor the issue. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-53816 https://www.cve.org/CVERecord?id=CVE-2025-53816 https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/ [1] https://security-tracker.debian.org/tracker/CVE-2025-53817 https://www.cve.org/CVERecord?id=CVE-2025-53817 https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
