Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The advancecomp package does include code forked from a subset of a very old version of 7-Zip, so it is possible that it could be impacted by a vulnerability in 7-Zip. However, neither the CVE report https://www.cve.org/CVERecord?id=CVE-2025-11002 nor the Zero Day Initiative report https://www.zerodayinitiative.com/advisories/ZDI-25-950/ provides any details about the precise nature of the bug, the source files or functions where the bug exists, or the nature of the fix that was included in 7-Zip 25.00. Furthermore, while 7-Zip is open-source, it is not developed “in the open,” in that it has no public VCS, so we can’t dig through the commit history to try to figure out which change was associated with this report. All this means that there is not remotely enough information available to determine whether or not advancecomp is affected by this CVE, let alone to fix it, if it turns out that there is something to fix. It seems unlikely that more information will ever become available, so I’m closing this bug.