Igor Pavlov · 7-Zip · CVE-2017-17969
Name of the Vulnerable Software and Affected Versions:
7-Zip versions prior to 18.00
p7zip (affected versions not specified)
Description:
The issue is a heap-based buffer overflow in the `NCompress::NShrink::CDecoder::CodeReal` method. This allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
Recommendations:
For 7-Zip versions prior to 18.00, update to version 18.00 or later to resolve the issue.
For p7zip, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid code paths that reach the `NCompress::NShrink::CDecoder::CodeReal` method (the Shrink decoder used for ZIP archives) until a patch is available.
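One way to apply the workaround is to screen ZIP files for Shrink-compressed entries before they are handed to an unpatched extractor. This is an added example, not code from 7-Zip, p7zip or this advisory; it assumes Shrink is ZIP compression method 1 as listed in the ZIP APPNOTE, and `shrink_headers` and `_sample_zip` are hypothetical names.

```python
import io
import struct
import zipfile

SHRINK = 1  # assumption: ZIP compression method 1 ("Shrunk") per the APPNOTE
# (header kind, signature, byte offset of the 2-byte compression-method field)
HEADERS = (("local", b"PK\x03\x04", 8), ("central", b"PK\x01\x02", 10))


def shrink_headers(data: bytes) -> list[tuple[str, int]]:
    """Return (header kind, file offset) for every header declaring Shrink.

    Scans raw bytes instead of trusting only the central directory, so a
    local header that disagrees with the directory is still reported. A
    signature that happens to occur inside compressed data can produce a
    false positive; for a pre-extraction screen that is the safe direction.
    """
    hits = []
    for kind, sig, method_off in HEADERS:
        pos = data.find(sig)
        while pos != -1:
            field = data[pos + method_off: pos + method_off + 2]
            if len(field) == 2 and struct.unpack("<H", field)[0] == SHRINK:
                hits.append((kind, pos))
            pos = data.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def _sample_zip(method: int) -> bytes:
    """Constructed sample: a one-entry stored ZIP whose method field is
    rewritten to `method` in both headers (the payload is not Shrink data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"hello")
    raw = bytearray(buf.getvalue())
    for _kind, sig, off in HEADERS:
        pos = raw.find(sig)
        raw[pos + off: pos + off + 2] = struct.pack("<H", method)
    return bytes(raw)


if __name__ == "__main__":
    for m in (0, SHRINK):
        print(m, shrink_headers(_sample_zip(m)))
```

An archive for which `shrink_headers` returns a non-empty list should be quarantined or rejected rather than extracted with an affected version.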