CVE-2018-5996

CVE: CVE-2018-5996
Published: 2018-01-31T18:29Z
Vendor: 7-zip
Products: 7-zip
Versions: 3.13, 4.20, 4.23, 4.24, 4.25, 4.26, 4.27, 4.28, 4.29, 4.30, 4.31, 4.32, 4.33, 4.34, 4.35, 4.36, 4.37, 4.38, 4.39, 4.40, 4.41, 4.42, 4.43, 4.44, 4.45, 4.46, 4.47, 4.48, 4.49, 4.50, 4.51, 4.52, 4.53, 4.54, 4.55, 4.56, 4.57, 4.58, 4.59, 4.60, 4.61, 4.62, 4.63, 4.64, 4.65, 9.04, 9.06, 9.07, 9.10, 9.11, 9.12, 9.13, 9.20, 9.22, 15.14,
p7zip
Versions: 0.80, 0.81, 0.90, 0.91, 4.10, 4.12, 4.13, 4.14, 4.14.01, 4.16, 4.18, 4.20, 4.27, 4.29, 4.30, 4.33, 4.37, 4.39, 4.42, 4.43, 4.44, 4.45, 4.47, 4.48, 4.49, 4.51, 4.53, 4.55, 4.57, 4.58, 4.61, 4.65, 9.04, 9.20.1, 16.02,
Vendor: debian
Products: debian_linux
Versions: 7.0, 8.0, 9.0,
Description Language: en
Description: Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
References:
https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/