PT-2026-22045 · Nanazip · Nanazip
Ho-9
·
Published
2026-02-25
·
Updated
2026-02-26
·
CVE-2026-27711
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NanaZip versions 5.0.1252.0 through 6.0.1637.0
NanaZip versions 6.5.1637.0
Description
NanaZip, an open source file archive, contains a memory corruption issue in its UFS parser. A specially crafted
.ufs, .ufs2, or .img file can cause out-of-bounds memory access when the archive is opened or listed. This flaw is reachable through normal user file-open operations and may lead to process crashes, hangs, and potentially exploitable heap corruption.Recommendations
Update to NanaZip version 6.0.1638.0 or later.
Update to NanaZip version 6.5.1638.0 or later.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nanazip