Skip to content

7-zip PoCs #907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JarLob merged 2 commits into from
Oct 24, 2025
Merged

7-zip PoCs #907

JarLob merged 2 commits into from
Oct 24, 2025

Conversation

@JarLob
Copy link
Contributor

@JarLob JarLob commented Oct 24, 2025

No description provided.

Copilot AI review requested due to automatic review settings October 24, 2025 19:23
Copilot AI reviewed Oct 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds documentation for two security vulnerabilities (CVE-2025-53816 and CVE-2025-53817) discovered in 7-Zip version 24.09, along with proof-of-concept files to reproduce the issues.

Key Changes:

  • Documents heap buffer overflow vulnerability (GHSL-2025-058/CVE-2025-53816) with PoC file rar-crash.rar5
  • Documents null pointer dereference vulnerability (GHSL-2025-059/CVE-2025-53817) with PoC file compound-crash.poc
  • Includes ASAN stack traces demonstrating both vulnerabilities

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@JarLob JarLob requested a review from kevinbackhouse October 24, 2025 19:23
@JarLob JarLob self-assigned this Oct 24, 2025
@JarLob
Update SecurityExploits/7-Zip/README.md
c1ac48d 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@JarLob JarLob merged commit 1de118e into main Oct 24, 2025
4 checks passed
@JarLob JarLob deleted the jaro branch October 24, 2025 20:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kevinbackhouse kevinbackhouse kevinbackhouse approved these changes

Assignees

@JarLob JarLob

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JarLob @kevinbackhouse