Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Debian LTS DLA-4681-1 p7zip Memory Corruption Fix CVE-2026-48092

debian lts
Calendar Grey July 13, 2026
Dist Debian Esm H88
Multiple memory corruption issues in p7zip have been resolved with this update. Upgrade your packages to ensure security.
Multiple memory corruption vulnerabilities were discovered in p7zip, a now unmaintained fork of 7-Zip, which itself is a file archiver handling multiple formats

Summary

To address these security vulnerabilities, whose fixes are
unfortunately not isolated, this update again replaces p7zip with a
recent 7-Zip (now v26.01), slightly modified to make it reasonably
compatible with p7zip.

CVE-2026-48092

SquashFS Fragment Offset Overflow

CVE-2026-48095

Heap Buffer Write Overflow

CVE-2026-48101

UEFI Capsule uninitialized heap memory disclosure

CVE-2026-48102

UDF Field OOB Read

CVE-2026-48103

WIM SecurityId OOB read

CVE-2026-48104

SquashFS BlockToNode uninitialized heap read

CVE-2026-48111

UEFI DEPEX OOB Read

CVE-2026-48112

Ar SYMDEF OOB Read

For Debian 11 bullseye, these problems have been fixed in version
16.02+really26.01+dfsg-0+deb11u1.

We recommend that you upgrade your p7zip packages.

For the detailed security status of p7zip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/p7zip

Further information about Debian LTS security advisories, how to apply

Read the Full Advisory


Package: p7zip
Version: 16.02+really26.01+dfsg-0+deb11u1
CVE ID: CVE-2026-48092 CVE-2026-48095 CVE-2026-48101 CVE-2026-48102

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.