-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4576-1                [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
May 11, 2026                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : p7zip
Version        : 16.02+really25.01+dfsg-0+deb11u1
CVE ID         : CVE-2022-47069 CVE-2023-31102 CVE-2023-40481 CVE-2023-52168
                 CVE-2023-52169 CVE-2024-11612 CVE-2025-11001 CVE-2025-11002
                 CVE-2025-53817 CVE-2025-55188
Debian Bug     : 1111068

Multiple vulnerabilities were discovered in p7zip, a now unmaintained
fork of 7-Zip, a file archiver handling multiple formats.

To address these security vulnerabilities, whose fixes unfortunately
cannot be isolated and backported individually, this update replaces
p7zip with 7-Zip v25 (which now supports GNU/Linux natively), slightly
modified to make it reasonably compatible with p7zip.

CVE-2022-47069

    heap-buffer-overflow vulnerability via the function
    NArchive::NZip::CInArchive::FindCd

CVE-2023-31102

    Ppmd7.c allows an integer underflow and invalid read operation via
    a crafted 7Z archive.

CVE-2023-40481

    SquashFS File Parsing Out-Of-Bounds Write RCE

CVE-2023-52168

    heap-based buffer overflow in NTFS handler

CVE-2023-52169

    out-of-bounds read in NTFS handler

CVE-2024-11612

    CopyCoder Infinite Loop Denial-of-Service

CVE-2025-11001

    ZIP File Parsing Directory Traversal RCE

CVE-2025-11002

    ZIP File Parsing Directory Traversal RCE

CVE-2025-53817

    null pointer dereference in the Compound handler may lead to
    denial of service

CVE-2025-55188

    does not always properly handle symbolic links
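The two ZIP directory-traversal issues (CVE-2025-11001, CVE-2025-11002) and
the symbolic-link handling issue (CVE-2025-55188) belong to one class:
an extractor trusting the entry names and link types stored in the archive.
The following is an added example, not code from p7zip, 7-Zip or this
advisory, of the pre-extraction audit a hardened extractor performs. It
builds a constructed ZIP in memory with Python's zipfile module, then flags
every entry whose name would resolve outside the destination directory
(assumed here to be /tmp/extract) and every entry stored as a symbolic link.

```python
"""Audit ZIP entries for path traversal and symlinks before extraction.

Added example for this advisory; not code from p7zip or 7-Zip. The archive
contents below are constructed for the demonstration.
"""
import io
import posixpath
import stat
import zipfile


def entry_is_symlink(info: zipfile.ZipInfo) -> bool:
    """True if the entry's Unix mode bits (high 16 bits of
    external_attr) mark it as a symbolic link."""
    mode = (info.external_attr >> 16) & 0xFFFF
    return stat.S_ISLNK(mode)


def entry_escapes(name: str, dest: str) -> bool:
    """True if `name`, extracted under `dest`, would land outside `dest`.

    Backslashes are treated as separators because Windows-built archives
    use them; absolute paths and drive-letter paths are rejected outright.
    """
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True
    dest_abs = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(dest_abs, norm))
    return posixpath.commonpath([dest_abs, target]) != dest_abs


def audit_zip(data: bytes, dest: str = "/tmp/extract") -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that must not be
    extracted as-is. Symlinks are flagged unconditionally: a link created
    by one entry can redirect where a later entry is written."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if entry_is_symlink(info):
                findings.append((info.filename, "symlink"))
            elif entry_escapes(info.filename, dest):
                findings.append((info.filename, "traversal"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive: one benign entry plus the patterns an
    extractor must refuse (relative traversal, absolute path, Windows
    separators, and a symlink pointing at the filesystem root)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless")
        zf.writestr("../../etc/cron.d/evil", "payload placeholder")
        zf.writestr("/abs/path", "payload placeholder")
        zf.writestr("..\\..\\win.ini", "payload placeholder")
        link = zipfile.ZipInfo("link_to_root")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark as symlink
        zf.writestr(link, "/")  # a symlink entry's body is its target
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(build_sample_archive()):
        print(f"refused {name!r}: {reason}")
```

The audit is deliberately name-based and runs before anything touches the
disk; resolving entries against an already partially extracted tree (which is
what a symlink followed by a later entry exploits) is exactly what this
ordering avoids.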

For Debian 11 bullseye, these problems have been fixed in version
16.02+really25.01+dfsg-0+deb11u1.

We recommend that you upgrade your p7zip packages.

For the detailed security status of p7zip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/p7zip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmoB2N8ACgkQDTl9HeUl
XjAcqg//ebkWE22NnXPvlFOEEt1xpxJNvu5fg6qQ1xExLb8knb46ZHHrUn2noWYw
XRdZlBJIpt8KTy10ftz9aMFG5QCB1LYuX4YkRoNzqtkyz6NR6wOD+mQBJZ1H2wng
qbfAByLEuCw+bvNS1488QdqbroSgmDi7Am/yhD6FAR9i31BGRSabOglDiD8PnDtU
QgXDglVhW3OUwKqFEg0jzeV/0kzCAWsJvqlnEooXZnNY6v53GRJx9sOxAKZDERZ1
mVsw4IUpiT/0GgGPiY75xZRDy2XRMjjX7qWDqEVMJABZLlZJ37CjIOyCyDAr7c/i
NEhfjU0t8Tmmw2LK+voelAo1F2uTQUVsXjTvoyQm5rJfKoojvEH8p2djlZ+bdRDk
HM47wH8DHMk4J9OhppVwogdeRNqJQ10jV9X6OXOo3zoW9T4stl9HBMxJI0CWTwf/
7Z8R/NP2Dtlrm3kLxfXJZPXTaLpWWpWgqP7oc2XqjDZ4L8aoiBR7bCLKP4AldTAg
wTj18MgO3t/FNRrftlOmzmoN8KwJ0OuZgpMa5DXcWLNLzdWUXrkI/1vmz+gAQlYB
DGXcUwMycBZLv19AsePI7/J9aT0KjhFvPG1CTgt7py5gwcoEMRZcG0wpvM0b77fP
Rv//t7tYk0XSl/K3dEYEZ/7kVI/on8y98wh6Bi8vACbKqDxVjUQ=
=e/xF
-----END PGP SIGNATURE-----