4.3
CVE-2026-47224
- EPSS 0.19%
- Veröffentlicht 12.06.2026 17:16:24
- Zuletzt bearbeitet 15.06.2026 20:59:13
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip (via the upstream 7-Zip LvmHandler). The vulnerability is triggered when opening a crafted LVM disk image. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerM2Team
≫
Produkt
NanaZip
Version
>= 3.0.1000.0, < 6.0.1698.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.083 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://github.com/M2Team/NanaZip/security/advisories/GHSA-qcgf-c2vp-fwjr