7 Zip · P7Zip · CVE-2016-9296
**Name of the Vulnerable Software and Affected Versions**
p7zip versions 16.02 and earlier
**Description**
A null pointer dereference bug affects the software, causing a crash and a denial of service when decoding malformed 7z files. This issue is due to a lack of null pointer check for the variable `folders.PackPositions` in the function `CInArchive::ReadAndDecodePackedStreams` in the 7z.so library and in 7z applications.
**Recommendations**
For p7zip version 16.02 and earlier, consider updating to a newer version that includes a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.