These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-47223 is a medium-severity vulnerability in NanaZip, a 7-Zip derivative for modern Windows experiences. A heap out-of-bounds read issue exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). The vulnerability is caused by a 32-bit unsigned integer overflow in the bounds check, allowing an attacker-controlled salt_len field to bypass validatio [truncated]
CVE-2026-47224 is a medium-severity vulnerability in NanaZip, a 7-Zip derivative, affecting versions from 3.0.1000.0 up to but not including 6.0.1698.0. A heap buffer-overflow read exists in the LVM2 physical-volume metadata parser and is triggered when opening a crafted LVM disk image. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
CVE-2026-47222 is a medium-severity vulnerability in NanaZip, a 7-Zip derivative for modern Windows experiences. The issue allows for a heap out-of-bounds read, potentially leading to a denial of service (crash) when opening a crafted .avb or .img file.
NanaZip versions 5.0.1252.0 through 6.0.1698.0 (exclusive) contain a denial-of-service vulnerability in the littlefs filesystem image parser. The Open method reads BlockCount directly from attacker-controlled superblock data without validating against actual file size or enforcing an upper bound, then iterates BlockCount times allocating a file-path entry per iteration. A crafted 44-byte littlefs image wi [truncated]
CVE-2026-42443 is a local denial-of-service issue in NanaZip’s UFS/UFS2 filesystem image parser. A crafted UFS image can set the superblock field fs_ipg to zero, and the parser uses that value as a divisor without validation, causing an immediate divide-by-zero trap and process crash. The issue is fixed in NanaZip 6.0.1698.0.
CVE-2026-42442 is a low-severity denial-of-service issue in NanaZip’s UFS/UFS2 filesystem image parser. A crafted UFS image can trigger a null-pointer dereference when the parser opens a root inode that is marked as a symlink instead of a directory. The issue is fixed in NanaZip 6.0.1698.0.
NanaZip versions 5.0.1252.0 through 6.0.1697.x contain an uncontrolled recursion vulnerability in the Electron Archive (ASAR) parser. When processing a crafted .asar file with deeply nested JSON in its header, both nlohmann::json::parse and the handler's GetAllPaths function recurse without depth limits, causing stack exhaustion and process crash. This represents a denial-of-service condition triggered by [truncated]