CVE-2026-42445

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0

Description An uncontrolled recursion issue exists in the UFS/UFS2 filesystem image parser. The GetAllPaths() function recurses into subdirectories without depth limits or visited-inode tracking. A specially crafted UFS image containing an inode cycle or a deep directory tree can lead to stack exhaustion, resulting in a process crash.

Recommendations Update to version 6.0.1698.0.