7-Zip Security Update Advisory (CVE-2024-11477)

Nov 26 2024

Overview

An update has been released to address vulnerabilities in 7-Zip. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-11477

all versions of 7-Zip 24.07 previous version

Resolved Vulnerabilities

Integer underflow due to lack of input data validation in the Zstandard decompression feature in 7-Zip, allowing remote code execution (CVE-2024-11477)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-11477

7-Zip 24.07 version

Referenced Sites

[1] CVE-2024-11477 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-11477

[2] 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-24-1532/

7-Zip Security Update Advisory (CVE-2024-11477)

NVIDIA Product Security Update Advisory

Dell Product Security Update Advisory

Tags:

NVIDIA Product Security Update Advisory

Dell Product Security Update Advisory