Fedora 44: 7zip Vulnerabilities Found, Including Arbitrary Code Execution Risk

June 15, 2026
7zip fixes critical issues including information disclosure and DOS in Fedora 44. Immediate update is recommended for users.

Summary

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are:

* High compression ratio in 7z format with LZMA and LZMA2 compression
* Supported formats:
  * Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM
  * Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR and Z.
* For ZIP and GZIP formats, 7-Zip provides a compression ratio that is 2-10 % better than the ratio provided by PKZip and WinZip
* Strong AES-256 encryption in 7z and ZIP formats
* Powerful command line version

Update Information:

- Fixes CVE-2026-48092: Information disclosure in 32-bit builds
- Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler
- Fixes CVE-2026-48101: Information disclosure in UEFI capsule parser
- Fixes CVE-2026-48102: Information disclosure and DOS via crafted UDF image
- Fixes CVE-2026-48103: Off-by-one buffer over-read in WIM archive handler
- Fixes CVE-2026-48104: Uninitialized heap read in SquashFS archive handler
- Fixes CVE-2026-48111: Off-by-one OOB read in UEFI firmware image parser
- Fixes CVE-2026-48112: Heap-based buffer over-read in Ar handler BSD SYMDEF parser

Change Log

* Mon Jun 15 2026 Michel Lind - 26.01-1
- Update to 26.01; Resolves: rhbz#2440915
- Fixes CVE-2026-48092: Information disclosure in 32-bit builds
- Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler
- Fixes CVE-2026-48101: Information disclosure in UEFI capsule parser
- Fixes CVE-2026-48102: Information disclosure and DOS via crafted UDF image
- Fixes CVE-2026-48103: Off-by-one buffer over-read in WIM archive handler
- Fixes CVE-2026-48104: Uninitialized heap read in SquashFS archive handler
- Fixes CVE-2026-48111: Off-by-one OOB read in UEFI firmware image parser
- Fixes CVE-2026-48112: Heap-based buffer over-read in Ar handler BSD SYMDEF parser

* Sun May 17 2026 Byoungchan Lee - 25.01-6
- Handle /bin/7z when locating the libexec plugin

References


[ 1 ] Bug #2373874 - 7z cannot find library when invoked with full path: Codec Load Error: /usr/bin/7z.so : errno=2 : No such file or directory
      https://bugzilla.redhat.com/show_bug.cgi?id=2373874
[ 2 ] Bug #2433842 - 7zip: FTBFS in Fedora rawhide/f44
      https://bugzilla.redhat.com/show_bug.cgi?id=2433842
[ 3 ] Bug #2478240 - 7zip: `/bin/7z` fails to load codecs when `/bin` is a symlink to `/usr/bin`
      https://bugzilla.redhat.com/show_bug.cgi?id=2478240
[ 4 ] Bug #2485479 - CVE-2026-48092 7zip: 7-Zip: Information disclosure in 32-bit builds due to heap memory disclosure [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2485479
[ 5 ] Bug #2485481 - CVE-2026-48095 7zip: 7-Zip: Arbitrary code execution via heap buffer overflow in NTFS handler [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2485481
[ 6 ] Bug #2485489 - CVE-2026-48102 7zip: 7-Zip: Information disclosure and denial of service via crafted UDF image [fe...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4be7569210' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
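To confirm that a host actually carries these fixes after the upgrade, the script below checks the installed package's RPM changelog for each CVE ID listed in this advisory. It is an added example, not part of the Fedora advisory; the function names and the sample changelog text are constructed for illustration, and it assumes the package name is 7zip and that the changelog names each CVE, as the Change Log section above does.

```sh
#!/bin/sh
# Added example: audit whether the installed 7zip build carries the fixes
# listed in this advisory, by reading the package's RPM changelog.

# CVE IDs copied from the advisory's "Update Information" section.
ADVISORY_CVES="CVE-2026-48092 CVE-2026-48095 CVE-2026-48101 CVE-2026-48102
CVE-2026-48103 CVE-2026-48104 CVE-2026-48111 CVE-2026-48112"

# missing_cves: read changelog text on stdin and print every advisory CVE
# that is not mentioned in it, one per line. Prints nothing if all are there.
missing_cves() {
    changelog=$(cat)
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: do not match inside a longer identifier.
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# audit_7zip: query the local RPM database.
# Returns 0 if every CVE is covered, 1 if fixes are missing,
# 2 if the package is not installed.
audit_7zip() {
    rpm -q 7zip >/dev/null 2>&1 || { echo "7zip is not installed"; return 2; }
    build=$(rpm -q --qf '%{VERSION}-%{RELEASE}' 7zip)
    missing=$(rpm -q --changelog 7zip | missing_cves)
    if [ -n "$missing" ]; then
        echo "7zip $build lacks changelog entries for:"
        echo "$missing"
        return 1
    fi
    echo "7zip $build: all advisory CVEs are listed as fixed"
}

# Constructed sample (not real rpm output): changelog of a host still on the
# previous build named in the Change Log section, 25.01-6.
SAMPLE_OLD='* Sun May 17 2026 Byoungchan Lee - 25.01-6
- Handle /bin/7z when locating the libexec plugin'

# Run the live check only when asked: sh check-7zip.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_7zip
fi
```

The non-zero return codes let the check be used from a configuration-management or monitoring job to flag hosts that still need the update.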

Severity
important

Name: 7zip
Product: Fedora 44
Version: 26.01
Release: 1.fc44
Summary: A file archiver
