7-Zip has just released the 16.0 version of open-source compression software. The update contains critical updates to the code for two issues discovered by Cisco's Talos Team.
Vulnerabilities relate to a heap overflow (CVE-2016-2334) and an out-of-bounds read (CVE-2016-2335). The most dangerous one is the latter, which Cisco says can allow attackers to execute code on the victim's computer and gain full control over its device.
According to Cisco, the problem lies in how the 7-Zip application manages UDF files. The Universal Disk Format (UDF) format is the official file system for DVD-Video and DVD-Audio.
Those who use the application would be good to update immediately.
Download 7-Zip 16.00 (2016-05-10) for Windows:
Link | Type | Windows | Description |
---|---|---|---|
Download | .exe | 32-bit x86 | 7-Zip for 32-bit Windows |
Download | .exe | 64-bit x64 | 7-Zip for 64-bit Windows x64 (Intel 64 or AMD64) |
Download | . 7z | x86 / x64 | 7-Zip Extra: standalone console version, 7z DLL, Plugin for Far Manager |
Download | . 7z | Any | 7-Zip Source code |
Download | . 7z | Any / x86 / x64 | LZMA SDK: (C, C ++, C #, Java) |
Download | . MSI | 32-bit x86 | (alternative MSI installer) 7-Zip for 32-bit Windows |
Download | . MSI | 64-bit x64 | (alternative MSI installer) 7-Zip for 64-bit Windows x64 (Intel 64 or AMD64) |
For all other platforms from the links below