1
Candidate: CVE-2016-9296
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296
5
https://sourceforge.net/p/p7zip/bugs/185/
6
https://github.com/yangke/7zip-null-pointer-dereference
7
https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/
9
A null pointer dereference bug affects the 16.02 and many old versions of
10
p7zip. A lack of null pointer check for the variable folders.PackPositions
11
in function CInArchive::ReadAndDecodePackedStreams in
12
CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z
13
applications, will cause a crash and a denial of service when decoding
17
sbeattie> crasher example is in sourceforge bug report
19
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844344
25
upstream_p7zip: needs-triage
26
precise_p7zip: ignored (reached end-of-life)
27
precise/esm_p7zip: DNE (precise was needed)
29
vivid/stable-phone-overlay_p7zip: DNE
30
vivid/ubuntu-core_p7zip: DNE
32
yakkety_p7zip: ignored (reached end-of-life)
33
zesty_p7zip: ignored (reached end-of-life)