Debian Updates Address Multiple p7zip Vulnerabilities

Severity: High (Score: 70.5)

Sources: Linuxsecurity

Summary

On May 11, 2026, Debian released two security advisories addressing critical vulnerabilities in p7zip and p7zip-rar. The updates replace the p7zip code base with 7-Zip v25, which now supports GNU/Linux natively. Notable CVEs include CVE-2022-47069, CVE-2023-31102, CVE-2023-40481, CVE-2023-52168, CVE-2023-52169, CVE-2024-11612, CVE-2025-11001, CVE-2025-11002, CVE-2025-53817, and CVE-2025-55188. These vulnerabilities include heap buffer overflows, out-of-bounds writes, and denial-of-service risks. Users are urged to upgrade their p7zip and p7zip-rar packages to mitigate potential exploitation. The issues affect Debian 11 (Bullseye) and could lead to severe impacts if not addressed promptly.

Key Points:

  • Debian released updates for p7zip and p7zip-rar to fix critical vulnerabilities.
  • The updates replace the p7zip code base with 7-Zip v25 for better compatibility.
  • Users are recommended to upgrade their packages to avoid exploitation risks.

Key Entities

  • DDoS (attack_type)
  • CVE-2022-47069 (cve)
  • CVE-2023-31102 (cve)
  • CVE-2023-40481 (cve)
  • CVE-2023-52168 (cve)
  • CVE-2023-52169 (cve)
  • CWE-122 - Heap-based Buffer Overflow (cwe)
  • CWE-125 - Out-of-bounds Read (cwe)
  • CWE-191 - Integer Underflow (cwe)
  • CWE-22 - Path Traversal (cwe)
  • CWE-476 - NULL Pointer Dereference (cwe)
  • Linux (platform)