Critical Vulnerability Found in 7-Zip Software
A critical vulnerability discovered in 7-Zip allows remote code execution. A newly identified integer underflow vulnerability (CVE-2024-11477) in 7-Zip’s Zstandard decompression implementation could enable remote attackers to execute arbitrary code on affected systems. The flaw arises from inadequate validation of user-supplied data, potentially leading to memory write issues. Users are advised to update to version 24.07, which addresses this security risk. The vulnerability was reported to the vendor on June 12, 2024, with a public advisory released on November 20, 2024. The discovery was credited to Nicholas Zubrisky of Trend Micro Security Research.
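To act on the update advice, the following added example (not from the article or the 7-Zip project) triages collected 7-Zip command-line banners against the 24.07 fix version. The banner layouts, host names and sample lines are constructed assumptions; adjust the pattern to what your inventory tooling actually records.

```python
import re

# Fix version named in the article: 7-Zip 24.07.
FIXED = (24, 7)

# Assumed banner layouts (constructed from typical CLI output, not from the page):
#   "7-Zip 23.01 (x64) : Copyright ..."      standard 7z
#   "7-Zip (a) 24.08 (x64) : Copyright ..."  standalone 7za
#   "7-Zip [64] 16.02 : Copyright ..."       p7zip
BANNER = re.compile(r"7-Zip\s+(?:\(\w\)\s+|\[\d+\]\s+)?(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor) as integers, or None if no version is found."""
    m = BANNER.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(banner):
    """'below-fix', 'ok' or 'unknown' relative to the 24.07 fix version."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    # Compare integer tuples: comparing the strings "9.20" and "24.07"
    # would wrongly rank 9.20 as the newer release.
    return "below-fix" if version < FIXED else "ok"

def needs_update(inventory):
    """Sorted host names whose recorded banner is older than the fix."""
    return sorted(h for h, b in inventory.items() if classify(b) == "below-fix")

# Constructed sample inventory: host name -> first line printed by the 7-Zip CLI.
INVENTORY = {
    "ws-01": "7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20",
    "ws-02": "7-Zip 24.07 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-06-19",
    "build-03": "7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21",
    "legacy-04": "7-Zip 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18",
    "ws-05": "7-Zip (a) 24.08 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-08-11",
    "ws-06": "sh: 7z: command not found",
}

if __name__ == "__main__":
    for host in sorted(INVENTORY):
        print(f"{host:10} {classify(INVENTORY[host])}")
    print("update required:", ", ".join(needs_update(INVENTORY)))
```

Hosts reported as `unknown` need a manual check rather than being treated as patched.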