CVE-2022-47112
Public on 2025-04-19
Modified on 2025-04-29
Description
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Graphicsmagick1.3 Extra | p7zip | Not Affected | ||
| Amazon Linux 2023 | p7zip | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 2.5 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |
| NVD | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |