CVE-2026-55780
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler i
CVSS
—
No CVSS
EPSS
0.1%
p2
KEV
—
Exploit Today
0
0-100
Published: Jul 10, 2026 · Last modified: Jul 13, 2026 · CWE-248 · CWE-400
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0.
- github.comhttps://github.com/M2Team/NanaZip/commit/ad62e3b4970b9f01e924c99094d6fed7a42f849a
- github.comhttps://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0
- github.comhttps://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72
- github.comhttps://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72