CVE-2026-55780
Vulnerability Description
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-248
Source
NVD
Vendor
M2Team
Product
NanaZip
Discussion (0)
Add Comment
No comments yet. Be the first!