FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p7zip -- Null pointer dereference

Affected packages
p7zip < 15.14_2

Details

VuXML ID 48e83187-b6e9-11e6-b6cf-5453ed2e2b49
Discovery 2016-07-17
Entry 2016-11-30

MITRE reports:

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

References

CVE Name CVE-2016-9296
URL https://sourceforge.net/p/p7zip/bugs/185/
URL https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/
URL https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296