CVE-2026-48112
Heap Out-of-Bounds Read in 7-Zip Ar Handler
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 7-zip | 7-zip | From 9.18 (inc) to 26.00 (inc) |
| 7-zip | 7-zip | 26.01 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in 7-Zip versions 9.18 through 26.00 and involves a heap out-of-bounds read in the BSD SYMDEF parser of the 7-Zip Ar handler. Specifically, when parsing a BSD-style __.SYMDEF symbol table, the ParseLibSymbols function reads a 32-bit namesSize field at a position that can be exactly at the buffer size, causing it to read 4 bytes beyond the allocated heap memory. This results in reading uninitialized heap data, which can lead to unintended information disclosure or program instability. The issue was fixed in version 26.01.
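The check that the namesSize read needs, as an added C example that is not 7-Zip's code: it assumes the BSD __.SYMDEF layout (u32 ranlib table size, 8-byte {strx, off} entries, u32 string table size, then the names) and uses a subtraction-based bounds test so the position arithmetic cannot wrap. The sample tables are constructed; the truncated one ends exactly where namesSize would be read.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Little-endian 32-bit read; caller must already have verified 4 bytes exist. */
static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* True if `need` bytes are readable at `pos` in a `size`-byte buffer.
 * Uses subtraction so that `pos + need` can never wrap (CWE-190). */
static int in_bounds(size_t pos, size_t need, size_t size) {
    return pos <= size && size - pos >= need;
}

/* Parse a BSD-style __.SYMDEF table (assumed layout: u32 ranlibSize,
 * ranlibSize bytes of 8-byte {strx, off} entries, u32 namesSize, then
 * namesSize bytes of NUL-terminated names). Returns the symbol count,
 * or -1 for a truncated or malformed table. */
int parse_bsd_symdef(const uint8_t *buf, size_t size) {
    size_t pos = 0;
    if (!in_bounds(pos, 4, size)) return -1;
    uint32_t ranlib_size = get_le32(buf + pos); pos += 4;
    if (ranlib_size % 8 != 0 || !in_bounds(pos, ranlib_size, size)) return -1;
    size_t ranlib_start = pos;
    pos += ranlib_size;
    /* The weak check is `pos <= size` here. When the ranlib table ends exactly
     * at the end of the buffer, that passes and the 4-byte namesSize read below
     * runs 4 bytes past the allocation (CWE-125). Require the 4 bytes explicitly. */
    if (!in_bounds(pos, 4, size)) return -1;
    uint32_t names_size = get_le32(buf + pos); pos += 4;
    if (!in_bounds(pos, names_size, size)) return -1;
    const uint8_t *strtab = buf + pos;
    int count = 0;
    for (size_t i = 0; i < ranlib_size; i += 8, count++) {
        uint32_t strx = get_le32(buf + ranlib_start + i);
        /* Every name must start inside the string table and terminate within it. */
        if (strx >= names_size || !memchr(strtab + strx, 0, names_size - strx)) return -1;
    }
    return count;
}

/* Constructed sample (not from any real archive): one symbol named "foo". */
static const uint8_t WELL_FORMED[] = {
    8,0,0,0,            /* ranlibSize = 8 */
    0,0,0,0, 0,0,0,0,   /* entry: strx = 0, off = 0 */
    4,0,0,0,            /* namesSize = 4 */
    'f','o','o',0 };
/* Same table cut after the ranlib entry: pos == size where namesSize would be read. */
int demo_well_formed(void) { return parse_bsd_symdef(WELL_FORMED, sizeof WELL_FORMED); }
int demo_truncated(void)   { return parse_bsd_symdef(WELL_FORMED, 12); }
```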
How can this vulnerability impact me?
The vulnerability can lead to the exposure of uninitialized heap data, which may contain sensitive information. Since the CVSS score indicates a high confidentiality impact (C:H) but no impact on integrity or availability, the primary risk is information disclosure. An attacker could potentially exploit this vulnerability to read sensitive data from memory, which could compromise privacy or security depending on the context in which 7-Zip is used.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update 7-Zip to version 26.01 or later, as this version patches the heap out-of-bounds read issue in the BSD SYMDEF parser.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in 7-Zip involves heap out-of-bounds reads and uninitialized memory disclosures that could expose sensitive data such as passwords or file paths. Exposure of such sensitive information may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access or disclosure.
Since the vulnerability can lead to leakage of sensitive information through memory disclosure, organizations using affected versions of 7-Zip might face increased risk of non-compliance with these standards if the vulnerability is exploited and sensitive data is exposed.
Updating to version 26.01, which patches these issues, is necessary to mitigate these risks and help maintain compliance with relevant data protection regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects 7-Zip versions 9.18 through 26.00 and involves a heap out-of-bounds read in the BSD SYMDEF parser. Detection involves identifying if vulnerable versions of 7-Zip are installed on your system.
To detect the presence of vulnerable 7-Zip versions, you can check the installed version using the following command:
- On Windows Command Prompt or PowerShell: `7z.exe --version`
- On Linux or Unix shell: `7z --version`
If the version reported is between 9.18 and 26.00 inclusive, the system is vulnerable and should be updated to version 26.01 or later.
Additionally, monitoring for suspicious or malformed Unix ar archive files that could trigger the heap out-of-bounds read might help detect exploitation attempts, but no specific network or system commands for active detection of exploitation are provided.