
Bug 914736 (CVE-2023-31102, CVE-2023-40481)

Summary: app-arch/p7zip: multiple vulnerabilities
Product: Gentoo Security
Reporter: Maxxim <fonic.maxxim>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: floppym, ionen, prometheanfire
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/p7zip-project/p7zip/issues/224
Whiteboard: B2 [upstream]
Package list:
Runtime testing required: ---

Description Maxxim 2023-09-26 10:42:29 UTC
p7zip seems to be affected by two severe vulnerabilities that were discovered last month:

CVE-2023-40481
CVE-2023-31102

Further details:
https://github.com/p7zip-project/p7zip/issues/224

The issue mentioned above indicates that the vulnerabilities are currently unfixed (and not even being worked upon). It is unclear, however, which versions are affected.

Reproducible: Always