CVE-2026-47224
Received - Intake
Heap Buffer Overflow in NanaZip via LVM2 Metadata Parser

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: GitHub, Inc.

Description
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip (via the upstream 7-Zip LvmHandler). The vulnerability is triggered when opening a crafted LVM disk image. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
Affected Vendors & Products
Showing 3 associated CPEs
Vendor    Product    Version / Range
m2team    nanazip    From 3.0.1000.0 (inc) to 6.0.1698.0 (exc)
m2team    nanazip    to 6.0.1698.0 (inc)
m2team    nanazip    From 6.5.1742.0 (inc)
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Executive Summary

CVE-2026-47224 is a heap buffer-overflow read vulnerability in NanaZip's LVM metadata CRC check, which originates from upstream 7-Zip code. It occurs when NanaZip processes a specially crafted LVM disk image with a metadata size field between 1 and 511 bytes. The program allocates a buffer based on this size but then reads a fixed length of 508 bytes for a CRC-32 check without verifying that the buffer is large enough. This leads to an out-of-bounds read of up to 507 bytes past the allocated buffer.

The vulnerability is triggered during file opening via NanaZip's wildcard file association, even before any user interaction. While this out-of-bounds read may not directly expose data, it can cause application crashes or leak partial heap information through side channels.

The root cause is missing bounds validation on the metadata size field, which also causes a separate null-pointer dereference issue. The vulnerability affects NanaZip versions from 3.0.1000.0 up to but not including 6.0.1698.0, with fixes available in stable version 6.0.1698.0 and preview version 6.5.1742.0.
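
The bounds check whose absence is described above, as an added example in C that is not NanaZip or 7-Zip source. The function name `load_metadata_crc`, the status codes, the 1 MiB cap and the standard CRC-32 routine are assumptions; only the 508-byte CRC length and the 1 to 511 size range come from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constants taken from the summary above; everything else is hypothetical. */
#define CRC_LEN       508u        /* fixed length fed to the CRC-32 check */
#define MIN_META_SIZE 512u        /* sizes 1..511 are the crafted range named above */
#define MAX_META_SIZE (1u << 20)  /* assumed sanity cap, not from the page */

enum meta_status { META_OK = 0, META_BAD_SIZE, META_TRUNCATED, META_NOMEM };

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bit by bit.
   Stand-in only: the checksum parameters of the real parser are not on the page. */
uint32_t crc32_calc(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Hypothetical hardened loader: validate the untrusted size field BEFORE
   allocating, so the fixed-length CRC read always stays inside the buffer. */
enum meta_status load_metadata_crc(const uint8_t *image, size_t image_len,
                                   uint64_t meta_size, uint32_t *crc_out)
{
    /* Rejects 0, the 1..511 range (buffer shorter than needed) and absurd sizes. */
    if (meta_size < MIN_META_SIZE || meta_size > MAX_META_SIZE)
        return META_BAD_SIZE;
    /* The declared size must also fit inside the bytes actually present. */
    if (meta_size > image_len)
        return META_TRUNCATED;

    uint8_t *buf = malloc((size_t)meta_size);
    if (buf == NULL)
        return META_NOMEM;
    memcpy(buf, image, (size_t)meta_size);

    *crc_out = crc32_calc(buf, CRC_LEN); /* in bounds: meta_size >= 512 > CRC_LEN */
    free(buf);
    return META_OK;
}
```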

Impact Analysis

This vulnerability can impact you by causing application crashes (denial of service) when opening crafted LVM disk images with NanaZip. Additionally, it may lead to partial leakage of heap memory information through side channels, which could potentially be used for further attacks.

However, the vulnerability does not directly expose sensitive data and has a relatively low CVSS score, indicating limited impact primarily related to information disclosure and denial of service.

Detection Guidance

This vulnerability is triggered when NanaZip opens a crafted LVM disk image containing a specially crafted metadata size field. Detection involves monitoring for crashes or abnormal behavior when opening LVM disk images with NanaZip versions from 3.0.1000.0 up to but not including 6.0.1698.0.

Since the issue occurs during file opening via NanaZip's wildcard file association, one way to detect it is to test opening suspicious or untrusted LVM disk images with the affected NanaZip versions and watch for crashes or unexpected behavior.

No specific detection commands are provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to update NanaZip to a fixed version. The vulnerability has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.

Avoid opening untrusted or crafted LVM disk images with vulnerable versions of NanaZip to prevent triggering the heap buffer-overflow read.

Compliance Impact

The vulnerability in NanaZip involves a heap buffer-overflow read that can lead to partial heap information leakage through side channels and potential denial of service. However, there is no direct indication from the provided information that this vulnerability results in unauthorized access to personal or sensitive data.

Since the issue primarily causes information disclosure limited to partial heap data and crashes, its impact on compliance with standards like GDPR or HIPAA, which focus on protection of personal and sensitive data, is likely minimal or indirect.

No explicit mention is made regarding regulatory compliance impact in the provided resources.
