Security update for p7zip SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3791-1 Final 1 1 2025-10-24T14:56:33Z current 2025-10-24T14:56:33Z 2025-10-24T14:56:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for p7zip This update for p7zip fixes the following issues: - CVE-2022-47069: heap buffer overflow in `ZipIn.cpp` file (bsc#1209648). - CVE-2025-53817: null pointer dereference may lead to denial of service (bsc#1246707). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3791,SUSE-SLE-Module-Basesystem-15-SP6-2025-3791,SUSE-SLE-Module-Basesystem-15-SP7-2025-3791,openSUSE-SLE-15.6-2025-3791 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253791-1/ Link for SUSE-SU-2025:3791-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042297.html E-Mail link for SUSE-SU-2025:3791-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1209648 SUSE Bug 1209648 https://bugzilla.suse.com/1246707 SUSE Bug 1246707 https://www.suse.com/security/cve/CVE-2022-47069/ SUSE CVE CVE-2022-47069 page https://www.suse.com/security/cve/CVE-2023-1576/ SUSE CVE CVE-2023-1576 page https://www.suse.com/security/cve/CVE-2025-53817/ SUSE CVE CVE-2025-53817 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 p7zip-16.02-150200.14.15.1 p7zip-doc-16.02-150200.14.15.1 p7zip-full-16.02-150200.14.15.1 p7zip-16.02-150200.14.15.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 p7zip-full-16.02-150200.14.15.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 p7zip-16.02-150200.14.15.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 p7zip-full-16.02-150200.14.15.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 p7zip-16.02-150200.14.15.1 as a component of openSUSE Leap 15.6 p7zip-doc-16.02-150200.14.15.1 as a component of openSUSE Leap 15.6 p7zip-full-16.02-150200.14.15.1 as a component of openSUSE Leap 15.6 p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. CVE-2022-47069 SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-full-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-full-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-doc-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-full-16.02-150200.14.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253791-1/ https://www.suse.com/security/cve/CVE-2022-47069.html CVE-2022-47069 https://bugzilla.suse.com/1209648 SUSE Bug 1209648 https://bugzilla.suse.com/1216265 SUSE Bug 1216265 This is a duplicate of an earlier CVE, CVE-2022-47069. CVE-2023-1576 SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-full-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-full-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-doc-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-full-16.02-150200.14.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253791-1/ https://www.suse.com/security/cve/CVE-2023-1576.html CVE-2023-1576 https://bugzilla.suse.com/1209648 SUSE Bug 1209648 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue. CVE-2025-53817 SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:p7zip-full-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-16.02-150200.14.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:p7zip-full-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-doc-16.02-150200.14.15.1 openSUSE Leap 15.6:p7zip-full-16.02-150200.14.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253791-1/ https://www.suse.com/security/cve/CVE-2025-53817.html CVE-2025-53817 https://bugzilla.suse.com/1246707 SUSE Bug 1246707