suse · CVE-2017-17969

Quick triage

Priority: high Published: 2021-05-30 14:05:16 UTC Updated: 2025-10-05 02:08:53 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-17969 severity important: SUSE including 20 source package names (p7zip, p7zip-16.02-11.3, …), 47 product×package rows across 39 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (39 product lines)): Fixed 34, Known Not Affected 13.

Description:

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.

cvelogic Threat Intelligence