PT-2025-17393 · 7 Zip+3 · 7-Zip+2
Published
2025-04-19
·
Updated
2025-08-18
·
CVE-2022-47112
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
7-Zip versions 22.01 through 24.09
Description
The issue involves 7-Zip not reporting an error for certain invalid xz files, specifically those with issues related to stream flags and reserved bits.
Recommendations
For versions 22.01 through 24.09, update to a version later than 24.09 to resolve the issue.
Exploit
Fix
Improper Check for Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
7-Zip
Astra Linux
Debian