{ "schema_version": "1.4.0", "id": "GHSA-62c7-f6mx-fmm8", "modified": "2025-04-12T13:07:19Z", "published": "2022-05-17T00:18:39Z", "aliases": [ "CVE-2016-2334" ], "details": "Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2334" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201701-27" }, { "type": "WEB", "url": "http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html" }, { "type": "WEB", "url": "http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/90531" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1035876" }, { "type": "WEB", "url": "http://www.talosintel.com/reports/TALOS-2016-0093" } ], "database_specific": { "cwe_ids": [ "CWE-119" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2016-12-13T22:59:00Z" } }