7-Zip 22.01 error-reporting flaw in XZ stream flag parsing
CVE-2022-47112 Published on April 19, 2025
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2022-47112
Want to know whenever a new CVE is published for 7Zip 7 Zip? stack.watch will email you.
Affected Versions
7-Zip Version 22.01 is affected by CVE-2022-47112Exploit Probability
EPSS
0.08%
Percentile
24.11%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.