CVE-2007-4725
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
05/09/2007
Last modified:
09/04/2025
Description
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:* | 4.42 (including) | |
| cpe:2.3:a:7-zip:7-zip:4.43:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.44:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.45:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.46:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.47:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.48:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.49:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.50:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.51:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:7-zip:7-zip:4.52:beta:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://akky.cjb.net/security/7-zip3.txt
- http://jvn.jp/jp/JVN%2362868899/index.html
- http://osvdb.org/40482
- http://secunia.com/advisories/26624
- http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481
- http://www.securityfocus.com/bid/25545
- http://www.vupen.com/english/advisories/2007/3086
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36459
- http://akky.cjb.net/security/7-zip3.txt
- http://jvn.jp/jp/JVN%2362868899/index.html
- http://osvdb.org/40482
- http://secunia.com/advisories/26624
- http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481
- http://www.securityfocus.com/bid/25545
- http://www.vupen.com/english/advisories/2007/3086
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36459