Flaws Found in 7-Zip File Archiver

By   muhammad malik
Chief Editor , Information Security Buzz | May 15, 2016 10:00 pm PST

Researchers have found some serious flaws in 7-Zip, an open source compression tool which is used in many products including antiviruses and security appliances. 7-Zip is known for its high compression ratio and ability to handle a large number of archive formats. The vulnerabilities in 7-Zip are caused by the lack of proper data input validation. Here to comment on this research is security expert from Tripwire.

Craig Young, Cybersecurity Researcher for Tripwire:

CraigYoung“It is important for users to exercise caution when extracting files from untrusted sources using 7-zip.  Earlier this year I did my own research on 7-zip and found that the wide range of supported file formats creates a very large attack surface.  With less than an hour of fuzzing the 7z extractor late last year, I also found several exploitable memory corruption bugs.  The best advice for anyone downloading content and extracting it with 7z is to perform file extractions within an immutable virtual machine.”

Recent Posts