CVE-2026-47224

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip (via the upstream 7-Zip LvmHandler). The vulnerability is triggered when opening a crafted LVM disk image. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2026-47224

Affected Products

Nanazip

CVE-2026-47224

Weakness Enumeration

Related Identifiers

Affected Products

References · 2