Description
binwalk depends on p7zip (17.05/17.06), which is affected by CVE-2026-48095 — a heap buffer overflow vulnerability in the NTFS archive handler that can lead to remote code execution.
The vulnerability was fixed in 7-Zip 26.01 (2026-04-27), but p7zip is no longer actively maintained and will not receive this fix.
Current State
- p7zip: Last release 17.06 (2019), unmaintained
- sevenzip (official 7-Zip CLI): Actively maintained, current version 26.01
Suggestion
Consider migrating the dependency from p7zip to sevenzip (the official 7-Zip CLI for Linux/macOS).
In Homebrew, sevenzip provides the 7zz command as a drop-in replacement.
References
Description
binwalk depends on
p7zip(17.05/17.06), which is affected by CVE-2026-48095 — a heap buffer overflow vulnerability in the NTFS archive handler that can lead to remote code execution.The vulnerability was fixed in 7-Zip 26.01 (2026-04-27), but
p7zipis no longer actively maintained and will not receive this fix.Current State
Suggestion
Consider migrating the dependency from
p7ziptosevenzip(the official 7-Zip CLI for Linux/macOS).In Homebrew,
sevenzipprovides the7zzcommand as a drop-in replacement.References