Security researchers discovered dangerous bugs in the compression library of 7-Zip. One of the flaws could allow cybercriminals to execute arbitrary code, enabling them to take full control over a victim's PC.
The developers of the 7-Zip tool plugged the holes with the release of version 16.00, but the problem doesn't stop there: the 7-Zip library is used by countless other applications for compression and decompression.
Talos Security has more information about the vulnerabilities and warns that many vendors may not even be aware they are using the affected libraries:
7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These types of vulnerabilities are especially concerning since vendors may not be aware they are using the affected libraries. This can be of particular concern, for example, when it comes to security devices or antivirus products. 7-Zip is supported on all major platforms, and is one of the most popular archive utilities in use today. Users may be surprised to discover just how many products and appliances are affected.