CVE-2023-52168 Information

Description

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512i-2 for i=9 i=10 i=11 etc.

Reference

https://sourceforge.net/p/sevenzip/bugs/2402/ https://www.openwall.com/lists/oss-security/2024/07/03/10 http://www.openwall.com/lists/oss-security/2024/07/03/10