{
  "affected": [
    {
      "ecosystem_specific": {},
      "package": {
        "ecosystem": "Alpine:v3.24",
        "name": "7zip",
        "purl": "pkg:apk/alpine/7zip?arch=source"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.01-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, _blockToNode is allocated with capacity for every metadata block but populated only when an inode crosses a block boundary, so a crafted image with few inodes spanning many blocks leaves most slots holding raw heap contents (the underlying allocator does not zero-initialize POD storage). When OpenDir looks up an attacker-influenced blockIndex (derived from the RootInode superblock field), it reads two of these uninitialized slots and passes them as the left/right bounds of a binary search over _nodesPos, which dereferences the midpoint without bounds checking; if the resulting value happens to match the search key, the returned index is used to read a full node struct from _nodes whose fields feed further directory parsing, forming a chained OOB read primitive that is heap-layout-dependent and not reliably triggerable. The SquashFS handler is enabled by default in stock 7z.dll and the issue triggers during Open() with no interaction beyond opening the file; impact is denial of service from wild-pointer dereference and potential heap information disclosure, with no write primitive. Version 26.01 fixes the issue.",
  "id": "ALPINE-CVE-2026-48104",
  "modified": "2026-06-18T23:18:16.125287218Z",
  "published": "2026-06-05T17:16:48.547Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security.alpinelinux.org/vuln/CVE-2026-48104"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2026-48104"
  ]
}