8.4 - Security fixes
Security fixes provided in 8.4.10
Fixes are grouped by impacted file:
7za.exe
14 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2016-2334 |
High |
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7-Zip before 16.00 allows remote attackers to execute arbitrary code via a crafted HFS+ image |
| CVE-2016-2335 |
High |
Integer underflow in 7-Zip before 16.00 allows remote attackers to execute arbitrary code via a crafted archive |
| CVE-2016-7804 |
High |
Untrusted search path vulnerability in 7-Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory |
| CVE-2017-17969 |
High |
Heap-based buffer overflow in 7-Zip before 18.00 allows remote attackers to execute arbitrary code via a crafted RAR archive |
| CVE-2018-5996 |
High |
Insufficient exception handling in 7-Zip before 18.00 allows remote attackers to cause a denial of service via a crafted RAR archive |
| CVE-2018-10115 |
High |
Incorrect exception handling in 7-Zip before 18.01 allows attackers to execute arbitrary code via a crafted ZIP archive |
| CVE-2018-10172 |
High |
Insufficient size check in 7-Zip before 18.05 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted UDF file |
| CVE-2023-31102 |
High |
Vulnerability in 7-Zip allows attackers to cause denial of service or potentially execute code |
| CVE-2023-40481 |
High |
Heap buffer overflow in 7-Zip through 23.01 allows attackers to cause denial of service via a crafted archive |
| CVE-2023-52169 |
High |
Integer overflow vulnerability in 7-Zip allows remote attackers to cause a denial of service or potentially execute arbitrary code |
| CVE-2024-11477 |
High |
Stack-based buffer overflow in 7-Zip allows remote attackers to execute arbitrary code via a specially crafted archive |
| CVE-2025-0411 |
High |
Memory corruption vulnerability in 7-Zip compression algorithm |
| CVE-2025-53816 |
High |
Security vulnerability in 7-Zip file extraction process |
| CVE-2025-53817 |
High |
Input validation flaw in 7-Zip archive processing |
/CSSAdmin/3rdParties/x64/libpq.dll
5 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2024-7348 |
High |
PostgreSQL allows unprivileged users to modify system catalogs in certain configurations |
| CVE-2024-10979 |
High |
PostgreSQL vulnerability in relation access control |
| CVE-2025-1094 |
High |
PostgreSQL security bypass in authentication mechanism |
| CVE-2025-8714 |
High |
PostgreSQL privilege escalation vulnerability |
| CVE-2025-8715 |
High |
PostgreSQL information disclosure vulnerability |
/CSSAdmin/3rdParties/x64/pg_dump.exe
5 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2024-7348 |
High |
PostgreSQL allows unprivileged users to modify system catalogs in certain configurations |
| CVE-2024-10979 |
High |
PostgreSQL vulnerability in relation access control |
| CVE-2025-1094 |
High |
PostgreSQL security bypass in authentication mechanism |
| CVE-2025-8714 |
High |
PostgreSQL privilege escalation vulnerability |
| CVE-2025-8715 |
High |
PostgreSQL information disclosure vulnerability |
/CSSAdmin/3rdParties/x64/pg_restore.exe
5 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2024-7348 |
High |
PostgreSQL allows unprivileged users to modify system catalogs in certain configurations |
| CVE-2024-10979 |
High |
PostgreSQL vulnerability in relation access control |
| CVE-2025-1094 |
High |
PostgreSQL security bypass in authentication mechanism |
| CVE-2025-8714 |
High |
PostgreSQL privilege escalation vulnerability |
| CVE-2025-8715 |
High |
PostgreSQL information disclosure vulnerability |
/CSSAdmin/3rdParties/x64/psql.exe
5 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2024-7348 |
High |
PostgreSQL allows unprivileged users to modify system catalogs in certain configurations |
| CVE-2024-10979 |
High |
PostgreSQL vulnerability in relation access control |
| CVE-2025-1094 |
High |
PostgreSQL security bypass in authentication mechanism |
| CVE-2025-8714 |
High |
PostgreSQL privilege escalation vulnerability |
| CVE-2025-8715 |
High |
PostgreSQL information disclosure vulnerability |
/Analysis_Runner/libssl-3-x64.dll
4 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2025-15467 |
Critical |
Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow in OpenSSL, potentially leading to crash (DoS) or remote code execution |
| CVE-2025-69419 |
High |
OpenSSL vulnerability affecting libssl-3-x64 library |
| CVE-2025-69420 |
High |
Critical security flaw in OpenSSL cryptographic library |
| CVE-2025-69421 |
High |
Memory safety issue in OpenSSL affecting secure communications |
/CSSAdmin/3rdParties/x64/libssl-3-x64.dll
7 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2024-4741 |
High |
Use-after-free vulnerability in OpenSSL may lead to application crash |
| CVE-2024-6119 |
High |
Denial of Service vulnerability in OpenSSL certificate verification |
| CVE-2025-9230 |
High |
OpenSSL vulnerability affecting certificate processing |
| CVE-2025-15467 |
Critical |
Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow in OpenSSL, potentially leading to crash (DoS) or remote code execution |
| CVE-2025-69419 |
High |
OpenSSL vulnerability affecting libssl-3-x64 library |
| CVE-2025-69420 |
High |
Critical security flaw in OpenSSL cryptographic library |
| CVE-2025-69421 |
High |
Memory safety issue in OpenSSL affecting secure communications |
/CSSAdmin/3rdParties/x64/ssleay32.dll
10 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2021-3712 |
High |
ASN.1 strings in OpenSSL when directly constructed without NUL termination can cause read buffer overrun when printed or processed, potentially resulting in crash (DoS) or disclosure of private memory contents |
| CVE-2021-23840 |
High |
Integer overflow in CipherUpdate in OpenSSL can lead to buffer overflow |
| CVE-2022-0778 |
High |
OpenSSL is vulnerable to denial of service caused by infinite loop in BN_mod_sqrt() function when parsing certificates with invalid explicit curve parameters |
| CVE-2022-1292 |
High |
OpenSSL c_rehash script is vulnerable to command injection due to improper sanitization of shell metacharacters, allowing attackers to execute arbitrary commands |
| CVE-2022-2068 |
High |
Additional command injection high or critical vulnerabilities in OpenSSL c_rehash script beyond CVE-2022-1292, allowing arbitrary command execution on systems where the script is automatically executed |
| CVE-2023-0215 |
High |
Use-after-free vulnerability in OpenSSL’s BIO_new_NDEF function can cause denial of service when processing specially crafted streaming ASN.1 data |
| CVE-2023-0286 |
High |
Type confusion vulnerability in OpenSSL X.400 address processing inside X.509 GeneralName may allow attackers to read memory contents or cause denial of service |
| CVE-2023-0464 |
High |
Excessive resource consumption in OpenSSL certificate policy checking can lead to denial of service |
| CVE-2025-9230 |
High |
OpenSSL vulnerability affecting certificate processing |
| CVE-2025-69421 |
High |
Memory safety issue in OpenSSL affecting secure communications |
/CSSAdmin/3rdParties/x64css5/libssl-3-x64.dll
4 high or critical vulnerabilities fixed
| Name |
CVSSSeverity |
Summary |
| CVE-2025-15467 |
Critical |
Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow in OpenSSL, potentially leading to crash (DoS) or remote code execution |
| CVE-2025-69419 |
High |
OpenSSL vulnerability affecting libssl-3-x64 library |
| CVE-2025-69420 |
High |
Critical security flaw in OpenSSL cryptographic library |
| CVE-2025-69421 |
High |
Memory safety issue in OpenSSL affecting secure communications |
Security fixes provided in 8.4.8
| CVE |
Severity |
Summary |
| CVE-2022-45787 |
Medium |
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. |
| CVE-2024-21147 |
High |
/Analysis_Runner/jre/release Vulnerability in Oracle Java SE product allows unauthorized access to data |
| CVE-2025-21587 |
High |
/Analysis_Runner/jre/release Vulnerability in Java Runtime Environment (JRE) component |
| CVE-2025-30749 |
High |
/Analysis_Runner/jre/release Security flaw in Java SE allowing potential code execution |
| CVE-2025-50059 |
High |
/Analysis_Runner/jre/release Java vulnerability affecting secure communications |
| CVE-2025-50106 |
High |
/Analysis_Runner/jre/release Critical vulnerability in Java SE runtime |
| CVE-2025-53066 |
High |
/Analysis_Runner/jre/release High severity vulnerability in Oracle Java |
Security fixes provided in 8.4.7
| CVE |
Severity |
Summary |
| CVE-2025-61385 |
High |
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal. |
| CVE-2025-48924 |
High |
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(…) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. |
| CVE-2025-8869 |
Medium |
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn’t implement PEP 706. |
| CVE-2022-45787 |
Medium |
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. |
| CVE-2023-4218 |
Medium |
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. |
Security fixes provided in 8.4.4
| Issue ID |
Found in |
Component |
| SQ34201 |
Imaging Core 8.4.3 |
DMT - SVN Extractor |
| SQ34304 |
Imaging Core 8.4.3 |
Consistency Checker |
| SQ34304 |
Imaging Core 8.4.3 |
Analysis Runner |
| SQ31101 |
Imaging Core 8.4.3 |
Consistency Checker |
| SQ31101 |
Imaging Core 8.4.3 |
Combined Importer |
| SQ31103 |
Imaging Core 8.4.3 |
Consistency Checker |
| SQ31103 |
Imaging Core 8.4.3 |
Tools Restore |
| SQ31103 |
Imaging Core 8.4.3 |
Analysis Runner |
| SQ31103 |
Imaging Core 8.4.3 |
CSSAdmin |