{"id":"USN-7438-1","summary":"7zip vulnerabilities","details":"\nIgor Pavlov discovered that 7-Zip had several memory-related issues.\nAn attacker could possibly use these issues to cause 7-Zip to crash,\nresulting in a denial of service, or execute arbitrary code.\n(CVE-2023-52168, CVE-2023-52169)\n","modified":"2026-04-27T17:24:34.314274Z","published":"2025-04-15T18:23:02Z","related":["UBUNTU-CVE-2023-52168","UBUNTU-CVE-2023-52169"],"upstream":["CVE-2023-52168","CVE-2023-52169","UBUNTU-CVE-2023-52168","UBUNTU-CVE-2023-52169"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7438-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52168"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52169"}],"affected":[{"package":{"name":"7zip","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/7zip@21.07+dfsg-4ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.07+dfsg-4ubuntu0.1~esm1"}]}],"versions":["21.03~beta+dfsg-6","21.04~beta+dfsg-1","21.06+dfsg-1","21.07+dfsg-1","21.07+dfsg-2","21.07+dfsg-3","21.07+dfsg-4"],"ecosystem_specific":{"binaries":[{"binary_version":"21.07+dfsg-4ubuntu0.1~esm1","binary_name":"7zip"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7438-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2023-52168","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-52169","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"7zip","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/7zip@23.01+dfsg-11ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.01+dfsg-11ubuntu0.1~esm1"}]}],"versions":["23.01+dfsg-3","23.01+dfsg-7","23.01+dfsg-8","23.01+dfsg-11"],"ecosystem_specific":{"binaries":[{"binary_version":"23.01+dfsg-11ubuntu0.1~esm1","binary_name":"7zip"},{"binary_version":"23.01+dfsg-11ubuntu0.1~esm1","binary_name":"7zip-standalone"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7438-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"id":"CVE-2023-52168","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-52169","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}