CVE-2024-11477

The vulnerable software is 7-Zip, a widely used file compression utility. The issue arises from an integer underflow in the Zstandard decompression implementation, allowing remote attackers to execute arbitrary code on affected installations of 7-Zip by crafting specially designed archive files.

To exploit this issue, interaction with the 7-Zip library is required, but attack vectors may vary depending on the implementation. The problem stems from the lack of proper validation of user-supplied data, leading to an integer underflow before writing to memory, which an attacker can leverage to execute code in the context of the current process.

The vulnerable versions of 7-Zip are those prior to version 24.07. Users are advised to update to version 24.07 or later to mitigate this risk.

An exploit for this issue has been reported and demonstrated, highlighting the severity of the problem. #7Zip #RemoteCodeExecution #Cybersecurity #Zstandard #IntegerUnderflow #CodeExecution #Security #UpdateNow