PT-2024-8763 · Igor Pavlov+3 · 7-Zip+3
2Ourc3 · Published 2024-11-21 · Updated 2025-08-28
CVE-2024-11612
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
7-Zip versions prior to 24.08
Description
The issue is related to a logic error in the processing of streams, which can lead to an infinite loop. This allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with the library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation.
Recommendations
For 7-Zip versions prior to 24.08, update to version 24.08 or later to resolve the issue. As a temporary workaround, consider restricting access to the CopyCoder component until a patch is available. Avoid using the CopyCoder handler in the affected 7-Zip installations to minimize the risk of exploitation.
Fix
DoS
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
7-Zip
Astra Linux
Debian
Red Os