HIGH 8.8
CVE-2016-2335
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
2.1%
percentile 84.0%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| 7-zip | 7-zip | Windows | — | cpe:2.3:a:7-zip:7-zip:9.20:*:*:*:*:*:*:* |
| 7-zip | 7-zip | Windows | — | cpe:2.3:a:7-zip:7-zip:15.05:beta:*:*:*:*:*:* |