7-Zip Block Flags and Reserved Bits Error Handling Vulnerability

A vulnerability exists in 7-Zip version 22.01, where the application fails to report errors for certain invalid xz files related to block flags and reserved bits. This issue allows for the creation of malicious compressed xz files that 7-Zip incorrectly processes as valid, potentially leading to unexpected behaviors in programs that rely on 7-Zip for file handling.

Impact

Exploitation of this vulnerability can cause 7-Zip to incorrectly process corrupted xz files, returning a success status while ignoring the actual error. This could lead to critical tasks failing when they depend on the improperly handled components.

Reproduction

The vulnerability can be reproduced by using 7-Zip to extract a corrupted xz file that has been crafted to exploit this issue. The xz utility will correctly identify the file as broken, but 7-Zip will fail to report the error, demonstrating the vulnerability.