7-Zip: Multiple Memory Corruptions via RAR and ZIP
Posted: Wed Jan 24, 2018 7:31 pm
In the following, I will outline two bugs that affect 7-Zip before version 18.00 as well as p7zip. The first one (RAR PPMd) is the more critical and the more involved one. The second one (ZIP Shrink) seems to be less critical, but also much easier to understand.
https://landave.io/2018/01/7-zip-multip ... nd-zip/?hn
"Finally, note that the attacker can overflow the stack buffer with pointers to data that is highly attacker controlled itself."
https://landave.io/2018/01/7-zip-multip ... nd-zip/?hn
"Finally, note that the attacker can overflow the stack buffer with pointers to data that is highly attacker controlled itself."