These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-48112 is a medium-severity vulnerability in 7-Zip, a file archiver with a high compression ratio. Versions 9.18 through 26.00 are affected by a heap out-of-bounds read in the 7-Zip Ar handler BSD SYMDEF parser. The vulnerability occurs when parsing a BSD-style `__.SYMDEF` symbol table, where the `ParseLibSymbols` function reads a 32-bit `namesSize` field via `Get32` at a position that can equal the buffe [truncated]
CVE-2026-48111 is a medium-severity vulnerability in 7-Zip, a file archiver with a high compression ratio. Versions 9.21 through 26.00 are affected by an off-by-one out-of-bounds read vulnerability in the `ParseDepedencyExpression` function of the UEFI firmware image parser. This vulnerability allows for a denial of service (access violation) or minor information disclosure of an adjacent `.rdata` string lite [truncated]
CVE-2026-48104 is a medium-severity vulnerability in 7-Zip, a file archiver with a high compression ratio. The issue, caused by an uninitialized heap read in the SquashFS archive handler, affects versions 9.18 through 26.00. This vulnerability is triggered when opening a crafted SquashFS image, leading to a potential denial of service due to a wild-pointer dereference and possible heap information disclos [truncated]
CVE-2026-48103 is an off-by-one heap out-of-bounds read vulnerability in 7-Zip, a file archiver with a high compression ratio, affecting versions 9.34 through 26.00. The vulnerability is located in the WIM (Windows Imaging) archive handler's security descriptor lookup, specifically in the `CHandler::GetSecurity` function (CPP/7zip/Archive/Wim/WimHandler.cpp). The issue arises from the per-image SecurOffse [truncated]
CVE-2026-48102 is a heap out-of-bounds read vulnerability in 7-Zip, a file archiver with a high compression ratio. The vulnerability exists in the UDF disc image handler's File Identifier Descriptor parser, specifically in the `CFileId::Parse` function. An attacker can trigger the vulnerability by crafting a UDF image that causes the parser to read 1 to 3 bytes past the end of the exact-size heap buffer a [truncated]
CVE-2026-48101 is a medium-severity vulnerability in 7-Zip, a file archiver with a high compression ratio. Versions 9.21 through 26.00 are affected by an uninitialized memory disclosure vulnerability in the UEFI capsule (`.scap`) parser. The `OpenCapsule` function allocates a heap buffer of attacker-declared `CapsuleImageSize` (up to 1 GiB) without zero-initialization, then reads the file contents into it. If t [truncated]
CVE-2026-48095 is a high-severity heap buffer overflow vulnerability in 7-Zip, a popular file archiver. Versions 26.00 and prior are affected, allowing for code execution or application crashes. The vulnerability is caused by an under-allocation in the NTFS compressed stream buffer. To mitigate, upgrade to version 26.01 or later.
CVE-2026-48092 is a heap memory disclosure vulnerability in 7-Zip, a file archiver with a high compression ratio. Versions 9.34 through 26.00 are affected on 32-bit builds due to an integer overflow in the SquashFS `ReadBlock` function. This allows an attacker-controlled `node.Offset` value to bypass the fragment bounds check, causing `memcpy` to read heap memory preceding the cache buffer into the extracted fi [truncated]