CVE-2026-47222
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
In NanaZip, from version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser. An attacker can exploit this vulnerability to cause a crash of the application when opening a crafted .avb or .img file.
Risk Assessment
This vulnerability may lead to a denial of service, affecting the application's availability for users. Organizations should be aware of the risks associated with opening unknown files.
Recommendation
It is recommended to update NanaZip to version 6.0.1698.0 or later to mitigate this vulnerability. Additionally, avoid opening suspicious .avb or .img files.
Original NVD description (English source)
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). An unsigned integer underflow in a bounds check allows an attacker-controlled value_num_bytes field to pass validation, causing AddNameToString to read up to ~4 GiB past the end of a 64 KiB heap buffer. This causes a deterministic crash (denial of service) when opening a crafted .avb or .img file. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.

