CVE-2026-55780
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler i
CVSS
—
Sin CVSS
EPSS
0.1%
p2
KEV
—
Exploit Today
0
0-100
Publicado: 10 jul 2026 · Última mod.: 13 jul 2026 · CWE-248 · CWE-400
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0.
- github.comhttps://github.com/M2Team/NanaZip/commit/ad62e3b4970b9f01e924c99094d6fed7a42f849a
- github.comhttps://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0
- github.comhttps://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72
- github.comhttps://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72