TROYANOSYVIRUS
Back to CVEs

CVE-2016-2334

N/A

Description

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

CVE Details

CVSS v3.1 ScoreN/A
Published12/13/2016
Last Modified5/6/2026
Sourcenvd
Honeypot Sightings0

Affected Products

7-zip:7-zipfedoraproject:fedoraoracle:solaris

Weaknesses (CWE)

CWE-119

References

http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html(cret@cert.org)
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html(cret@cert.org)
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html(cret@cert.org)
http://www.securityfocus.com/bid/90531(cret@cert.org)
http://www.securitytracker.com/id/1035876(cret@cert.org)
http://www.talosintel.com/reports/TALOS-2016-0093/(cret@cert.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/(cret@cert.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/(cret@cert.org)
https://security.gentoo.org/glsa/201701-27(cret@cert.org)
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/90531(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035876(af854a3a-2127-422b-91ae-364da2661108)
http://www.talosintel.com/reports/TALOS-2016-0093/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-27(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.