7-Zip <25.0.0 DoS via NulPtr Deref in Compound Handler
CVE-2025-53817 Published on July 17, 2025
GHSL-2025-059 - 7-Zip - Null pointer array write attempt in NArchive::NCom::CHandler::GetStream
7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2025-53817
Want to know whenever a new CVE is published for 7Zip 7 Zip? stack.watch will email you.
Affected Versions
ipavlov 7-Zip Version < 25.0.0 is affected by CVE-2025-53817Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.