CVE-2026-55780 in NanaZip
Summary
by MITRE • 07/10/2026
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/10/2026
The vulnerability identified in NanaZip versions prior to 6.5.1749.0 represents a critical buffer overflow condition within the .NET single-file bundle handler component. This flaw exists in the NanaZip.Codecs.Archive.DotNetSingleFile.cpp file where the extraction buffer size is determined by directly using the Size field from bundle entries without proper validation against actual file boundaries. The implementation only performs basic sign checking on the Size field but fails to validate that the specified size does not exceed the real file size, creating a scenario where maliciously crafted archive bundles can trigger unintended memory allocation behaviors.
The technical execution of this vulnerability exploits improper input validation mechanisms that should have been implemented according to CWE-129 principles for input validation. When an attacker crafts a bundle with an oversized Size field value, the extraction process attempts to allocate memory based on this malicious size specification rather than the actual file dimensions. This creates a potential for heap-based buffer overflows or excessive memory allocation that can lead to application instability. The vulnerability specifically affects the COM STDMETHODCALLTYPE boundary where standard C++ exceptions such as std::bad_alloc and std::length_error can propagate outside their intended scope, causing unpredictable process termination.
From an operational perspective, this vulnerability presents significant risk to users who may encounter maliciously crafted archive files during normal operation. The crash condition occurs during the extraction phase of archive processing, which is a common user activity that could be exploited through social engineering attacks or automated malware distribution channels. The impact extends beyond simple denial of service as it represents a potential pathway for more sophisticated exploitation techniques that could leverage the COM boundary crossing to achieve privilege escalation or code execution in the context of the vulnerable application.
The mitigation strategy requires immediate deployment of version 6.5.1749.0 which addresses the core validation issue by implementing proper size field verification against actual file boundaries. This fix aligns with recommended practices for secure coding and follows ATT&CK technique T1203 for legitimate credentials acquisition, as users may be tricked into processing malicious archives. Organizations should also implement monitoring for suspicious archive processing activities and consider deploying application whitelisting controls to prevent execution of untrusted archive files. The vulnerability demonstrates the importance of proper boundary checking in memory management operations and highlights the need for comprehensive input validation even in well-established software frameworks.
Security practitioners should note that this vulnerability represents a classic example of insufficient validation leading to resource exhaustion conditions that can be leveraged for denial of service attacks. The fix implemented in version 6.5.1749.0 provides the necessary validation controls to prevent malicious Size field manipulation from causing buffer allocation errors that could compromise system stability and potentially provide attackers with additional attack surface opportunities through COM interface boundaries.