CVE Catalog

CVE-2026-47222

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

In NanaZip, from version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser. An attacker can exploit this vulnerability to cause a crash of the application when opening a crafted .avb or .img file.

Risk Assessment

This vulnerability may lead to a denial of service, affecting the application's availability for users. Organizations should be aware of the risks associated with opening unknown files.

Recommendation

It is recommended to update NanaZip to version 6.0.1698.0 or later to mitigate this vulnerability. Additionally, avoid opening suspicious .avb or .img files.

Original NVD description (English source)

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). An unsigned integer underflow in a bounds check allows an attacker-controlled value_num_bytes field to pass validation, causing AddNameToString to read up to ~4 GiB past the end of a 64 KiB heap buffer. This causes a deterministic crash (denial of service) when opening a crafted .avb or .img file. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS