debian · CVE-2016-9296

Quick triage

Priority: unimportant Published: Updated: Wed, 01 Jul 2026 06:50:59 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-9296 unimportant priority: Debian including 1 source packages (p7zip), 3 status rows across 3 suites (bookworm, bullseye, trixie): resolved 3.

Description:

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

cvelogic Threat Intelligence