Debian LTS DLA-4576-1 p7zip Critical RCE DoS Issues Fixed

May 11, 2026
Upgrade p7zip on Debian LTS to address multiple critical vulnerabilities. Ensure system protection and stability.
Multiple vulnerabilities were discovered in p7zip, a now-unmaintained fork of 7-Zip, a file archiver that handles multiple formats.

Summary

To address these security vulnerabilities, whose fixes are
unfortunately not isolated, this update replaces p7zip with 7-Zip v25
(which now supports GNU/Linux natively), slightly modified to make it
reasonably compatible with p7zip.

CVE-2022-47069

heap-buffer-overflow vulnerability via the function
NArchive::NZip::CInArchive::FindCd

CVE-2023-31102

Ppmd7.c allows an integer underflow and invalid read operation via
a crafted 7Z archive.

CVE-2023-40481

SquashFS File Parsing Out-Of-Bounds Write RCE

CVE-2023-52168

heap-based buffer overflow in NTFS handler

CVE-2023-52169

out-of-bounds read in NTFS handler

CVE-2024-11612

CopyCoder Infinite Loop Denial-of-Service

CVE-2025-11001

ZIP File Parsing Directory Traversal RCE

CVE-2025-11002

ZIP File Parsing Directory Traversal RCE

CVE-2025-53817

null pointer dereference in the Compound handler may lead to
denial of service

CVE-2025-55188

does not always properly handle symbolic links


Severity: important

Package: p7zip
Version: 16.02+really25.01+dfsg-0+deb11u1
CVE ID: CVE-2022-47069 CVE-2023-31102 CVE-2023-40481 CVE-2023-52168
Debian Bug: 1111068
