CVE-2025-53816
Published: 07/17/2025 19:15:25
7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.
HIGH
CVSS v3: 7.5
Status
DocFilters Release | Package | State | Justification | Comment |
---|---|---|---|---|
0.0.0.1 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
25.3 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
25.2 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
25.1.1 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
25.1 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
24.4 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
24.4.0 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
24.3 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
24.2.1 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
24.2 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
24.1 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
23.3 | 7-zip (23.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
23.2.1 | 7-zip (17.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
23.2 | 7-zip (17.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
23.1 | 7-zip (17.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
22.4 | 7-zip (17.01) | Not Affected | Code Not Present | The vulnerability exists in the RAR5 decoder (NCompress::NRar5::CDecoder) which is part of the full 7-Zip application, not the LZMA SDK. Document Filters uses LZMA SDK 23.01 which does not include any RAR handlers. RAR file processing is handled by a separate unrar library (version 5.9.1). The LZMA SDK build only includes handlers for 7z, LZMA, XZ, and various compression codecs, but no RAR-related code. |
Severity score breakdown
Attack Complexity: LOW
Attack Vector: NETWORK
Availability Impact: HIGH
Base Score: 7.5
Base Severity: HIGH
Confidentiality Impact: NONE
Integrity Impact: NONE
Privileges Required: NONE
Scope: UNCHANGED
User Interaction: NONE
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1