Cisco reported in a blog post from its Security Intelligence and Research arm that two major flaws have been discovered in 7-Zip that have ramifications for antivirus and security products.
First is CVE-2016-2335, a flaw whereby 7-Zip doesn't check whether a partition is 'out of bounds' when reading Universal Disk Format (UDF) files, which, if exploited, could allow crims to achieve remote code execution.
"Both of these 7-Zip vulnerabilities resulted from flawed input validation. Because data can come from a potentially untrusted source, data input validation is of critical importance to all applications’ security.
"Talos has worked with 7-Zip to responsibly disclose, and then patch, these vulnerabilities. Users are urged to update their vulnerable versions of 7-Zip to the latest revision, version 16.00, as soon as possible."
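To illustrate the input-validation point Talos makes, here is an added example (not 7-Zip's code) that contrasts the unchecked partition lookup described for CVE-2016-2335 with a hardened form. It assumes a simplified UDF layout: a 16-byte long allocation descriptor carrying an extent length, a logical block number and a 16-bit partition reference number, and a small partition table declared by the volume; the structures and sample values are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not 7-Zip's code. Simplified (assumed) view of the UDF
   structures involved: a long allocation descriptor (long_ad, 16 bytes) holds
   the extent length (4), a logical block number (4) and a 16-bit partition
   reference number (at offset 8) that indexes the partitions the volume declared. */
#define MAX_PARTITIONS 8

typedef struct { uint32_t start_block, num_blocks; } partition_t;
typedef struct {
    partition_t parts[MAX_PARTITIONS];
    size_t num_parts;   /* entries actually read from the image */
} volume_t;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: the file-supplied reference indexes parts[] directly, so a
   crafted value reads outside the array (the bug class described in the post). */
const partition_t *lookup_partition_unchecked(const volume_t *vol, const uint8_t *ad) {
    return &vol->parts[le16(ad + 8)];   /* no bounds check */
}

/* Hardened form: resolve the extent to an absolute block range only after
   validating the partition reference and that the extent fits inside that
   partition. Returns false on malformed or hostile input. */
bool resolve_extent_checked(const volume_t *vol, const uint8_t *ad, uint32_t block_size,
                            uint32_t *abs_block, uint32_t *nblocks) {
    uint32_t len = le32(ad) & 0x3FFFFFFFu;   /* low 30 bits: extent length in bytes */
    uint32_t lbn = le32(ad + 4);
    uint16_t part_ref = le16(ad + 8);
    if (block_size == 0) return false;
    if (part_ref >= vol->num_parts) return false;              /* out-of-bounds partition */
    const partition_t *p = &vol->parts[part_ref];
    uint64_t blocks = ((uint64_t)len + block_size - 1) / block_size;
    if (lbn >= p->num_blocks || blocks > p->num_blocks - lbn)   /* extent overruns partition */
        return false;
    *abs_block = p->start_block + lbn;
    *nblocks = (uint32_t)blocks;
    return true;
}

/* Constructed sample volume: two declared partitions. */
const volume_t sample_volume = { { {257, 1000}, {2000, 500} }, 2 };
```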