CVE-2026-48102
Heap Out-of-Bounds Read in 7-Zip

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: GitHub, Inc.

Description
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), the parser rejects a descriptor only when size < 38 + idLen + impLen, then advances processed to 38 + impLen + idLen. The alignment-padding loop that follows reads p[processed] and increments processed up to 3 times to reach a 4-byte boundary, and the processed <= size bounds check runs only after the loop. When (38 + impLen + idLen) % 4 != 0 and 38 + impLen + idLen == size, the loop therefore reads 1 to 3 bytes past the end of the exact-size heap buffer allocated via buf.Alloc((size_t)item.Size). The UDF handler is registered for .iso and .udf files and is auto-detected by signature, so the out-of-bounds read triggers during Open() when a crafted UDF image is listed or extracted. Impact is limited to information disclosure (a 1-bit oracle per out-of-bounds byte via open/fail behavior) and denial of service (a crash under hardened allocators); there is no write primitive. Version 26.01 fixes the issue.
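The padding-loop defect described above, reconstructed as an added example in C. This is not 7-Zip's code and not the 26.01 patch: parse_fid_vulnerable follows the order of checks the advisory describes (size check on the fixed part plus the two variable fields, padding loop, then the processed <= size check), parse_fid_hardened shows one way to bound the loop before it dereferences anything, and build_fid constructs a minimal File Identifier Descriptor. The offsets 19 (L_FI) and 36 (L_IU) follow the ECMA-167 FID layout; the function names, status codes and the 48-byte backing array are this example's own assumptions. The backing array stands in for the exact-size heap allocation so the demonstration records the over-read instead of committing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed part of a UDF File Identifier Descriptor (ECMA-167 4/14.4):
 * 0..15 descriptor tag, 16..17 file version, 18 characteristics, 19 L_FI,
 * 20..35 ICB long_ad, 36..37 L_IU. Implementation use (L_IU bytes) and the
 * identifier (L_FI bytes) follow, then zero padding to a multiple of 4. */
#define FID_FIXED_LEN 38u
#define FID_L_FI_OFF  19u
#define FID_L_IU_OFF  36u

enum fid_status { FID_OK = 0, FID_TOO_SHORT, FID_BAD_PADDING, FID_TRUNCATED };

struct fid_result {
    enum fid_status status;
    size_t max_index_read;  /* highest p[i] touched; >= size means an OOB read */
};

static uint16_t get16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void note_read(struct fid_result *r, size_t i) { if (i > r->max_index_read) r->max_index_read = i; }

/* Vulnerable order of operations (hypothetical reconstruction): the only size
 * check covers 38 + idLen + impLen, the padding loop dereferences p[processed]
 * before any comparison against size, and the processed > size test comes last. */
struct fid_result parse_fid_vulnerable(const uint8_t *p, size_t size)
{
    struct fid_result r = { FID_TOO_SHORT, 0 };
    if (size < FID_FIXED_LEN) return r;
    size_t idLen  = p[FID_L_FI_OFF];
    size_t impLen = get16le(p + FID_L_IU_OFF);
    r.max_index_read = FID_L_IU_OFF + 1;
    if (size < FID_FIXED_LEN + idLen + impLen) return r;

    size_t processed = FID_FIXED_LEN + impLen + idLen;
    for (; (processed & 3) != 0; processed++) {
        note_read(&r, processed);                 /* processed may already be >= size */
        if (p[processed] != 0) { r.status = FID_BAD_PADDING; return r; }
    }
    if (processed > size) { r.status = FID_TRUNCATED; return r; }   /* too late */
    r.status = FID_OK;
    return r;
}

/* One way to harden it (an example, not the upstream fix): compute the padded
 * length first and reject before the loop touches a single padding byte. */
struct fid_result parse_fid_hardened(const uint8_t *p, size_t size)
{
    struct fid_result r = { FID_TOO_SHORT, 0 };
    if (size < FID_FIXED_LEN) return r;
    size_t idLen  = p[FID_L_FI_OFF];
    size_t impLen = get16le(p + FID_L_IU_OFF);
    r.max_index_read = FID_L_IU_OFF + 1;
    size_t processed = FID_FIXED_LEN + impLen + idLen;   /* at most 38 + 255 + 65535 */
    if (size < processed) return r;
    size_t padded = (processed + 3) & ~(size_t)3;
    if (padded > size) { r.status = FID_TRUNCATED; return r; }
    for (; processed < padded; processed++) {
        note_read(&r, processed);                 /* always < padded <= size here */
        if (p[processed] != 0) { r.status = FID_BAD_PADDING; return r; }
    }
    r.status = FID_OK;
    return r;
}

/* Constructed input (not a real disc image): an FID with L_IU = 0 and the given
 * L_FI, handed to the parser with the given size (38 + id_len <= size < 48).
 * out[size] is the first byte past the modelled allocation; the 48-byte array
 * keeps the demonstration itself within mapped memory. */
size_t build_fid(uint8_t out[48], uint8_t id_len, size_t size, uint8_t byte_after_end)
{
    memset(out, 0, 48);
    out[FID_L_FI_OFF] = id_len;
    for (size_t i = 0; i < id_len; i++) out[FID_FIXED_LEN + i] = (uint8_t)('a' + i);
    if (size < 48) out[size] = byte_after_end;
    return size;
}

struct fid_result run_vulnerable(uint8_t id_len, size_t size, uint8_t byte_after_end)
{
    uint8_t buf[48];
    return parse_fid_vulnerable(buf, build_fid(buf, id_len, size, byte_after_end));
}

struct fid_result run_hardened(uint8_t id_len, size_t size, uint8_t byte_after_end)
{
    uint8_t buf[48];
    return parse_fid_hardened(buf, build_fid(buf, id_len, size, byte_after_end));
}

int main(void)
{
    /* 38 + 0 + 3 == 41 == size and 41 % 4 == 1: the loop wants indices 41, 42, 43 */
    struct fid_result v0 = run_vulnerable(3, 41, 0x00);
    struct fid_result vf = run_vulnerable(3, 41, 0xFF);
    struct fid_result h  = run_hardened(3, 41, 0xFF);
    printf("vulnerable, zero after end:    status=%d max_index_read=%zu (size 41)\n", v0.status, v0.max_index_read);
    printf("vulnerable, nonzero after end: status=%d max_index_read=%zu (size 41)\n", vf.status, vf.max_index_read);
    printf("hardened:                      status=%d max_index_read=%zu (size 41)\n", h.status, h.max_index_read);
    return 0;
}
```

With a 41-byte size the vulnerable parser's max_index_read reaches 43, the 3-byte over-read the advisory describes, while the hardened variant stops at index 37. The vulnerable parser's failure code also depends on the value of the byte just past the allocation (zero gives FID_TRUNCATED, nonzero gives FID_BAD_PADDING), which is how this model represents the 1-bit-per-byte oracle the advisory attributes to open/fail behavior. A 44-byte buffer with zeroed padding parses cleanly in both versions.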
Affected Vendors & Products
Vendor  Product  Version / Range
7-zip   7-zip    From 9.11 (inc) to 26.00 (inc) (affected)
7-zip   7-zip    26.01 (fixed)
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The advisory does not address compliance with standards such as GDPR or HIPAA. The vulnerability allows limited information disclosure and denial of service only; it provides no write primitive.


Can you explain this vulnerability to me?

This vulnerability exists in 7-Zip versions 9.11 through 26.00, in the UDF disc image handler's File Identifier Descriptor parser. It is a heap out-of-bounds read of up to 3 bytes caused by a bounds check that runs only after the alignment-padding loop has already read past the buffer. When the parsed descriptor length equals the buffer size and is not a multiple of 4, the loop reads 1 to 3 bytes beyond the exact-size heap allocation.

The read occurs during Open(), when a crafted UDF image (.iso or .udf) is listed or extracted. It can leak information through a 1-bit oracle per out-of-bounds byte and can cause a denial of service by crashing under hardened memory allocators. There is no way to write or modify memory through this vulnerability.

This flaw was fixed in version 26.01 of 7-Zip.


How can this vulnerability impact me?

The primary impacts of this vulnerability are limited to information disclosure and denial of service.

  • Information disclosure: an attacker who can get a crafted image opened can learn a small amount of information (1 bit per out-of-bounds byte) from whether the open succeeds or fails.
  • Denial of service: the read can crash 7-Zip, particularly under hardened memory allocators, interrupting whatever relies on it.

There is no risk of data modification or privilege escalation from this vulnerability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update 7-Zip to version 26.01 or later, as this version fixes the heap out-of-bounds read issue in the UDF disc image handler.

