CVE-2007-4725
CVE-2007-4725 is a medium-severity vulnerability in 7-zip with a CVSS 2.0 base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-400.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.8)
- EPSS exploit prediction: 6% (92nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-400
- Affected product: 7-zip
- Published:
- Last modified:
Description
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
Frequently asked questions
- What is CVE-2007-4725?
- Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
- How severe is CVE-2007-4725?
- CVE-2007-4725 has a CVSS 2.0 base score of 6.8, rated medium severity.
- Is CVE-2007-4725 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 6% (92nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-4725?
- CVE-2007-4725 primarily affects 7-zip. In total, 11 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-4725?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-4725 published?
- CVE-2007-4725 was published on 2007-09-05 and last updated on 2026-06-16.
References
- http://akky.cjb.net/security/7-zip3.txt
- http://jvn.jp/jp/JVN%2362868899/index.html
- http://osvdb.org/40482
- http://secunia.com/advisories/26624
- http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481
- http://www.securityfocus.com/bid/25545
- http://www.vupen.com/english/advisories/2007/3086
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36459
Affected products (11)
- cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.43:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.44:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.45:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.46:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.47:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.48:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.49:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.50:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.51:beta:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:4.52:beta:*:*:*:*:*:*
More vulnerabilities in 7-zip
- CVE-2008-6536 — Critical (CVSS 10.0): Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the…
- CVE-2026-48095 — High (CVSS 8.8): 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow…
- CVE-2018-10172 — High (CVSS 8.8): 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function…
- CVE-2016-2335 — High (CVSS 8.8): The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote…
- CVE-2025-11002 — High (CVSS 7.8): 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote…
- CVE-2025-11001 — High (CVSS 7.8): 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote…
Other CWE-400 (Uncontrolled Resource Consumption) vulnerabilities
- CVE-2026-46775 — Critical (CVSS 9.9): Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0.…
- CVE-2025-61303 — Critical (CVSS 9.8): Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a…
- CVE-2025-43193 — Critical (CVSS 9.8): The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7,…
- CVE-2025-24269 — Critical (CVSS 9.8): The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to…
- CVE-2025-24264 — Critical (CVSS 9.8): The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4,…
- CVE-2025-24260 — Critical (CVSS 9.8): The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5,…
Browse all CWE-400 (Uncontrolled Resource Consumption) vulnerabilities →