CVE-2026-48102
Heap Out-of-Bounds Read in 7-Zip

Publication date: 2026-06-05

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after rejecting descriptors with size < 38 + idLen + impLen and advancing processed to 38 + impLen + idLen, the alignment-padding loop reads p[processed] while incrementing processed up to 3 times to reach a 4-byte boundary, and the processed <= size bounds check only runs after the loop. When (38 + impLen + idLen) % 4 != 0 and 38 + impLen + idLen == size, the loop reads 1 to 3 bytes past the end of the exact-size heap buffer allocated via buf.Alloc((size_t)item.Size). The UDF handler is registered for .iso and .udf files and auto-detected by signature, and the OOB read triggers during Open() when listing or extracting a crafted UDF image. Impact is limited to information disclosure (a 1-bit oracle per OOB byte via open/fail behavior) and denial of service (a crash under hardened allocators); there is no write primitive. Version 26.01 fixes the issue.
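The ordering problem in the description (length check, padding walk, then the processed <= size check) is easiest to see side by side with a version that checks before reading. The following C++ is an added model written for this page, not 7-Zip's code: kFixedLen, PadOutcome, probe, vulnerablePadWalk and hardenedPadWalk are this example's own names, the buffers are constructed zero-filled inputs whose only relevant property is their length, and the hardening shown is one reasonable fix, not necessarily the change shipped in 26.01. Reads are simulated by index so the model itself never touches memory out of bounds.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model of the FID parsing order described in the advisory.
// Layout per the page: a 38-byte fixed part, then impLen + idLen bytes, then
// padding up to a 4-byte boundary. kFixedLen and all function names below are
// this example's own; they are not 7-Zip identifiers.
static const size_t kFixedLen = 38;

struct PadOutcome {
    bool accepted;        // would the parser accept this descriptor?
    bool oobRead;         // did the padding walk touch an index >= size?
    size_t bytesPastEnd;  // furthest over-read distance, 0..3
};

// Models "p[processed]": the byte value is irrelevant to the walk, so we only
// record whether the index lies inside the buffer instead of dereferencing it.
static void probe(const std::vector<uint8_t>& buf, size_t i, PadOutcome& out) {
    if (i >= buf.size()) {
        out.oobRead = true;
        size_t past = i + 1 - buf.size();
        if (past > out.bytesPastEnd) out.bytesPastEnd = past;
    }
}

// Vulnerable ordering as the page describes it: the length check passes when
// size == 38 + impLen + idLen, the padding loop then reads up to three bytes at
// processed, processed+1, processed+2, and only afterwards is processed <= size
// tested.
PadOutcome vulnerablePadWalk(const std::vector<uint8_t>& buf, size_t idLen, size_t impLen) {
    PadOutcome out = {false, false, 0};
    const size_t size = buf.size();
    if (size < kFixedLen + idLen + impLen) return out;  // the existing check
    size_t processed = kFixedLen + impLen + idLen;
    for (int i = 0; i < 3 && (processed & 3) != 0; i++) {
        probe(buf, processed, out);  // read happens before any bound is tested
        processed++;
    }
    out.accepted = (processed <= size);  // too late to prevent the reads above
    return out;
}

// One possible hardening (this example's, not necessarily the 26.01 change):
// compute the padded end first and reject before any padding byte is touched.
PadOutcome hardenedPadWalk(const std::vector<uint8_t>& buf, size_t idLen, size_t impLen) {
    PadOutcome out = {false, false, 0};
    const size_t size = buf.size();
    if (size < kFixedLen + idLen + impLen) return out;
    size_t processed = kFixedLen + impLen + idLen;
    size_t padded = (processed + 3) & ~static_cast<size_t>(3);  // round up to 4
    if (padded > size) return out;  // rejected with no read performed
    for (; processed < padded; processed++) probe(buf, processed, out);
    out.accepted = true;
    return out;
}

int main() {
    // Constructed descriptor sizes; contents are zeros because only lengths matter here.
    struct Case { size_t size, idLen, impLen; } cases[] = {
        {39, 1, 0},  // 38+1 == size, unaligned: 1 byte over-read
        {41, 3, 0},  // 38+3 == size, unaligned: 3 bytes over-read
        {40, 2, 0},  // already 4-byte aligned: no padding, no over-read
        {44, 3, 0},  // padding fits inside the buffer: safe in both variants
    };
    for (const Case& c : cases) {
        std::vector<uint8_t> buf(c.size, 0);
        PadOutcome v = vulnerablePadWalk(buf, c.idLen, c.impLen);
        PadOutcome h = hardenedPadWalk(buf, c.idLen, c.impLen);
        std::printf("size=%zu idLen=%zu: vulnerable oob=%d past=%zu accepted=%d | hardened oob=%d accepted=%d\n",
                    c.size, c.idLen, (int)v.oobRead, v.bytesPastEnd, (int)v.accepted,
                    (int)h.oobRead, (int)h.accepted);
    }
    return 0;
}
```

The exact-size, unaligned cases are the ones the advisory singles out: the vulnerable walk touches one to three indices beyond the buffer and then fails the late check anyway, while the hardened walk rejects the descriptor before its first padding read. Descriptors whose padding fits inside the buffer behave identically in both variants, which is why the fix does not change parsing of well-formed images.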
Meta Information
Generated: 2026-06-25
AI Q&A: 2026-06-05
EPSS Evaluated: 2026-06-24
Affected Vendors & Products
Vendor   Product   Version / Range
7-zip    7-zip     From 9.11 (inc) to 26.01 (exc)
CWE
CWE ID    Description
CWE-125   The product reads data past the end, or before the beginning, of the intended buffer.
AI Quick Actions
Executive Summary

This vulnerability exists in 7-Zip versions 9.11 through 26.00 within the UDF disc image handler's File Identifier Descriptor parser. It is a heap out-of-bounds read of up to 3 bytes caused by improper bounds checking during alignment-padding in the parsing process. Specifically, when certain size conditions are met, the code reads 1 to 3 bytes beyond the allocated heap buffer.

The issue occurs during the Open() operation when listing or extracting crafted UDF (.iso or .udf) images. The vulnerability can lead to information disclosure through a 1-bit oracle per out-of-bounds byte and may cause denial of service by crashing under hardened memory allocators. There is no ability to write or modify data through this vulnerability.

This flaw was fixed in version 26.01 of 7-Zip.

Compliance Impact

The vulnerability in 7-Zip allows for limited information disclosure and denial of service but does not provide a write primitive. There is no specific information in the provided context about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The primary impacts of this vulnerability are limited to information disclosure and denial of service.

  • Information disclosure: An attacker can potentially gain small amounts of information (1 bit per out-of-bounds byte) by exploiting the out-of-bounds read behavior.
  • Denial of service: The vulnerability can cause 7-Zip to crash, especially under hardened memory allocators, leading to service interruptions.

There is no risk of data modification or privilege escalation from this vulnerability.

Detection Guidance

This vulnerability affects 7-Zip versions 9.11 through 26.00 when handling .iso and .udf files with the UDF disc image handler. Detection involves identifying if vulnerable versions of 7-Zip are installed and if crafted UDF images are being opened or extracted.

To detect the vulnerability on your system, first check the installed 7-Zip version:

  • On Windows, run `7z.exe` (or `7z`) without arguments; the version is printed in the banner line.
  • On Linux or Unix-like systems, run: `7z --help` or `7z | head -1` to see the version.

If the version is between 9.11 and 26.00 inclusive, the system is potentially vulnerable.

To detect exploitation attempts or presence of crafted UDF files on your system or network, you can search for .iso or .udf files that might be malicious or crafted to trigger the vulnerability.

  • On Linux, enumerate candidate files with: `find /path/to/scan -type f \( -iname "*.iso" -o -iname "*.udf" \)` (this lists every UDF/ISO image; it cannot by itself tell a crafted image from a benign one).
  • Monitor logs or application crashes related to 7-Zip when opening or extracting these files, as crashes may indicate exploitation attempts.

Currently, no specific network detection commands or signatures are provided in the available resources for this vulnerability.

Mitigation Strategies

To mitigate this vulnerability, you should update 7-Zip to version 26.01 or later, as this version fixes the heap out-of-bounds read issue in the UDF disc image handler.
