Description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
Published: 2026-02-25
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-bounds memory corruption in NanaZip's UFS parser
Action: Apply patch
AI Analysis

Impact

NanaZip uses a UFS parser to process .ufs/.ufs2/.img files. In versions 5.0.1252.0 through earlier 6.x releases, a defect in the parser lifts a directory record length without validation. When opening a crafted archive, the parser reads or writes beyond the intended bounds. The resulting memory corruption can cause the application to crash or hang, and the nature of heap corruption suggests that a malicious actor could potentially achieve arbitrary code execution if the vulnerability is reliably exploitable. This type of flaw is classified as an out-of-bounds memory access (CWE-125).

Affected Systems

This flaw affects NanaZip applications distributed by M2Team. Specifically, all releases starting at version 5.0.1252.0 up to, but not including, 6.0.1638.0 and 6.5.1638.0 are vulnerable.

Risk and Exploitability

The CVSS v3.1 base score is 5.1, indicating a medium severity. The Exploit Prediction Scoring System assigns the exploit probability to less than 1 %, implying that, even if the vulnerability is known, successful exploitation is unlikely at this time. The issue is not listed in the CISA KEV catalog. Because the exploit requires a crafted archive file to be opened by a user, the attack vector can be inferred as local; an attacker would need to deliver or persuade a local user to open the malicious file. If exploited, consequences include application crash, potential denial of service, and, in the worst case, arbitrary code execution due to heap corruption.

Generated by OpenCVE AI on April 17, 2026 at 14:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NanaZip to version 6.0.1638.0 or later (e.g., 6.5.1638.0), which contains the parser fix.
  • Until the upgrade can be deployed, isolate or quarantine untrusted archives and avoid opening .ufs/.ufs2/.img files from unknown sources.
  • Monitor the application for crash or abnormal termination events; if such events occur, investigate for potential heap corruption anomalies and apply additional runtime protections such as ASLR and stack canaries as a temporary defense.

Generated by OpenCVE AI on April 17, 2026 at 14:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:m2team:nanazip:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H'}

Fri, 27 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared M2team
M2team nanazip
Vendors & Products M2team
M2team nanazip

Thu, 26 Feb 2026 00:00:00 +0000

Type Values Removed Values Added
Description NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
Title NanaZip UFS Archive Parser Memory Corruption via Unvalidated Directory Record Length
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

M2team Nanazip
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T15:07:47.597Z

Reserved: 2026-02-23T17:56:51.203Z

Link: CVE-2026-27711

cve-icon Vulnrichment

Updated: 2026-02-26T15:07:35.012Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-26T00:16:24.843

Modified: 2026-02-27T17:51:29.583

Link: CVE-2026-27711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:45:21Z

Weaknesses