[3.4] p7zip: Null pointer dereference in 7zIn.cpp (CVE-2016-9296)
A null pointer dereference bug affects the current and many old versions
of p7zip.
It is because the lack of check for the array variable
folders.PackPositions after a loop of initialization.
Reference:
https://sourceforge.net/p/p7zip/bugs/185/
https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/
(from redmine: issue id 6511, created on 2016-11-30, closed on 2016-12-15)
- Relations:
- parent #6510 (closed)
- Changesets:
- Revision 2bb44c1c by Sergei Lukin on 2016-12-01T11:09:15Z:
main/p7zip: security fix for CVE-2016-9296
fixes #6511