Debian Updates Address Multiple p7zip Vulnerabilities

Debian Updates Address Multiple p7zip Vulnerabilities

First seen 11 May 2026, 21:57 UTC Linuxsecurity 72% similarity 70.5

Article Content

Browse articles
ThreatCluster

On May 11, 2026, Debian released two security advisories addressing critical vulnerabilities in p7zip and p7zip-rar. The updates replace the p7zip code base with 7-Zip v25, which now supports GNU/Linux natively. Notable CVEs include CVE-2022-47069, CVE-2023-31102, CVE-2023-40481, CVE-2023-52168, CVE-2023-52169, CVE-2024-11612, CVE-2025-11001, CVE-2025-11002, CVE-2025-53817, and CVE-2025-55188. These vulnerabilities include heap buffer overflows, out-of-bounds writes, and denial-of-service risks. Users are urged to upgrade their p7zip and p7zip-rar packages to mitigate potential exploitation. The issues affect Debian 11 (Bullseye) and could lead to severe impacts if not addressed promptly.

Key Points: • Debian released updates for p7zip and p7zip-rar to fix critical vulnerabilities. • The updates replace the p7zip code base with 7-Zip v25 for better compatibility. • Users are recommended to upgrade their packages to avoid exploitation risks.

ThreatCluster AI

Timeline

2023-08-22
CVE-2022-47069 published
Heap-buffer-overflow vulnerability identified in p7zip affecting multiple systems.
Linuxsecurity
2023-11-03
CVE-2023-31102 published
Integer underflow and invalid read operation vulnerability via crafted 7Z archive disclosed.
Linuxsecurity
2024-05-03
CVE-2023-40481 published
Out-of-bounds write vulnerability in SquashFS file parsing reported, leading to RCE risks.
Linuxsecurity
2024-07-03
CVE-2023-52168 and CVE-2023-52169 published
Heap-based buffer overflow and out-of-bounds read vulnerabilities in NTFS handler disclosed.
Linuxsecurity
2024-11-22
CVE-2024-11612 published
CopyCoder infinite loop denial-of-service vulnerability published, affecting various systems.
Linuxsecurity
2025-06-02
CVE-2025-11001 first public PoC
Proof of concept for ZIP file parsing directory traversal vulnerability made public.
Linuxsecurity
2025-07-17
CVE-2025-53817 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2025-08-08
CVE-2025-55188 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-01-23
CVE-2025-11002 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-11
Debian updates released
Debian issues DLA-4576 and DLA-4577-1 to address multiple vulnerabilities in p7zip and p7zip-rar.
Linuxsecurity

Community

Browse all →