CVE-2022-47112 LOW

CVE-2022-47112

Vendor 7-Zip
Product 7-Zip
Weakness CWE-754
Published April 19, 2025
Last update April 21, 2025

CVSS base score

2.5/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

Key dates

02Disclosure timeline

April 19, 2025 CVE published
April 21, 2025 Record updated