CVE-2026-42444

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0

Description A denial-of-service issue exists in the littlefs filesystem image parser. The Open() method reads the BlockCount value from the superblock without validating it against the actual file size or an upper-bound limit. An attacker can use a crafted 44-byte littlefs image with BlockCount set to 0xFFFFFFFF to trigger approximately 4 billion heap allocations, leading to memory exhaustion.

Recommendations Update to version 6.0.1698.0.