A heap-based buffer overflow in 7-Zip's shrink decoder can allow an attacker to write arbitrary data to memory and cause a crash.
Versions of p7zip up to and including 16.02 are vulnerable. A fix for this vulnerability is available in the beta version of 7-zip 18.00 (for Windows).
Created p7zip tracking bugs for this issue:
Affects: epel-all [bug 1538458]
Affects: fedora-all [bug 1538459]