CVE-2016-2335 is an out-of-bounds read vulnerability that exists in the way 7-Zip handles Universal Disk Format (UDF) files. CVE-2016-2334 is an exploitable heap overflow vulnerability that exists in the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7-Zip. Fortunately, the exploit has been fixed in the latest version of 7-Zip software, which at the time of this writing is version 16.0. To find out the version you have installed, launch the 7-Zip File Manager, and go to Help > About 7-Zip.
Download 7-Zip Version 16.0 Users running Adobe Flash Player should also update. Adobe released a security update last week for a zero-day exploit found in the Flash Player. Also, last week Microsoft released a new cumulative update for Windows 10, which includes security updates and bug fixes. Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.
