NanaZip Out-of-Bounds Heap Read Vulnerability in .NET Single File Bundle Parser

Vulnerability

An out-of-bounds heap read vulnerability has been identified in NanaZip versions from 5.0.1252.0 up to, but not including, 6.0.1630.0. The issue is in the .NET Single File bundle header parser, where missing bounds checks allow a crafted file to make the parser read beyond the heap buffer. This can lead to application crashes or leakage of heap data to the user.
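The kind of check whose absence is described above, as an added example (not NanaZip's code and not the fix shipped in 6.0.1630.0): a C reader that validates every offset and length taken from an untrusted header before using it. The layout, `parse_bundle` and the other names are hypothetical and simplified; this is not the real .NET Single File bundle format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Cursor over an untrusted buffer; invariant: pos <= len. */
typedef struct { const uint8_t *buf; size_t len, pos; } reader;

/* Copy n bytes out only if all of them lie inside the buffer. */
static int rd(reader *r, void *dst, size_t n) {
    if (n > r->len - r->pos) return -1;
    memcpy(dst, r->buf + r->pos, n);
    r->pos += n;
    return 0;
}

/* Read a little-endian integer of n bytes (n <= 8). */
static int rd_le(reader *r, size_t n, uint64_t *v) {
    uint8_t b[8];
    if (rd(r, b, n)) return -1;
    *v = 0;
    while (n--) *v = (*v << 8) | b[n];
    return 0;
}

/* Hypothetical layout (assumption, NOT the real bundle format):
 *   [0]    u32 header_offset
 *   [hdr]  u32 file_count, u8 id_len, id[id_len]
 *   then   file_count x { u64 offset, u64 size }
 * Returns the number of validated entries, or -1 if any field
 * points outside the file. */
long parse_bundle(const uint8_t *buf, size_t len, char id[256]) {
    reader r = { buf, len, 0 };
    uint64_t hdr, count, id_len, off, size;

    if (rd_le(&r, 4, &hdr) || hdr > len) return -1;
    r.pos = (size_t)hdr;                       /* seek only after the check */
    if (rd_le(&r, 4, &count) || rd_le(&r, 1, &id_len)) return -1;
    if (rd(&r, id, (size_t)id_len)) return -1; /* length prefix is untrusted */
    id[id_len] = '\0';
    if (count > (len - r.pos) / 16) return -1; /* table must fit, no overflow */
    for (uint64_t i = 0; i < count; i++) {
        if (rd_le(&r, 8, &off) || rd_le(&r, 8, &size)) return -1;
        if (size > len || off > len - size) return -1; /* payload inside file */
    }
    return (long)count;
}
```

The comparisons are written as `n > len - pos` and `off > len - size` rather than `pos + n > len`, so an attacker-chosen 64-bit value cannot wrap the addition and slip past the check.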

Impact

Exploitation of this vulnerability causes a crash and leaks heap data to the user.

Reproduction

The vulnerability can be reproduced by opening a crafted .NET Single File bundle with NanaZip version 5.0.1252.0 or later, but prior to 6.0.1630.0. The application will crash due to an access violation, indicating that the out-of-bounds read has occurred.

Remediation

Users can upgrade to NanaZip version 6.0.1630.0 or later to address this vulnerability.

Added: Feb 19, 2026, 9:35 PM
Updated: Feb 19, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 7.7
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.