2381766 – (CVE-2025-53816) CVE-2025-53816 7zip: 7-Zip heap buffer overflow

Bug 2381766 (CVE-2025-53816) - CVE-2025-53816 7zip: 7-Zip heap buffer overflow

Summary: CVE-2025-53816 7zip: 7-Zip heap buffer overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-53816
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2381825 2381835 2381837 2381827 2381829 2381831 2381833 2381836
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-17 19:01 UTC by OSIDB Bzimport
Modified:	2025-07-17 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-17 19:01:20 UTC

7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.

Note You need to log in before you can comment on or make changes to this bug.