NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passing Indices as NULL and NumItems as 0xFFFFFFFF. This causes a NULL pointer dereference in the standard Test archive or Extract all code path for WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archives, resulting in a process crash. This issue is fixed in version 6.5.1749.0.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 10 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
M2team
M2team nanazip |
|
| Vendors & Products |
M2team
M2team nanazip |
Fri, 10 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passing Indices as NULL and NumItems as 0xFFFFFFFF. This causes a NULL pointer dereference in the standard Test archive or Extract all code path for WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archives, resulting in a process crash. This issue is fixed in version 6.5.1749.0. | |
| Title | NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive | |
| Weaknesses | CWE-476 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-10T18:38:45.230Z
Reserved: 2026-06-17T14:40:28.379Z
Link: CVE-2026-55783
Updated: 2026-07-10T18:38:33.518Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T18:30:16Z
Weaknesses