NanaZip ROMFS Archive Parser Infinite Loop Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in NanaZip versions from 5.0.1252.0 up to, but not including, 6.0.1630.0. The issue arises in the ROMFS archive parser, where circular 'NextOffset' chains create an infinite loop. This vulnerability can be exploited by getting a user to open a crafted ROMFS file with NanaZip, which causes the application to hang indefinitely.
Impact
Exploiting this vulnerability leads to a permanent hang in NanaZip, causing the application to become unresponsive.
Reproduction
The vulnerability can be reproduced by using NanaZip to open a specially crafted ROMFS file that contains circular 'NextOffset' chains. Such a file is a ROMFS archive in which one entry points to another in a loop, so that the parser gets stuck processing the entries.
Remediation
Users can upgrade to NanaZip version 6.0.1630.0 or later to address this vulnerability.
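For developers maintaining their own ROMFS parsers, the sketch below is an added example (not NanaZip's code or its actual fix) of a next-offset traversal that cannot hang on a circular chain. It assumes the standard Linux ROMFS header layout: big-endian fields, 16-byte-aligned headers, a next-header offset in the first four bytes whose low four bits carry flags, and 0 ending the chain. The names `romfs_walk_chain` and `sample_walk` and the 64-byte buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROMFS_ALIGN   16u  /* file headers sit on 16-byte boundaries */
#define ROMFS_HDR_MIN 16u  /* next, spec.info, size, checksum (4 bytes each) */

static uint32_t be32(const uint8_t *p) {  /* ROMFS fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Follow the next-header chain from `first`. Returns the number of headers
 * visited, or -1 if the chain leaves the image or cannot terminate. */
long romfs_walk_chain(const uint8_t *img, size_t len, uint32_t first) {
    size_t max_steps = len / ROMFS_ALIGN; /* distinct aligned offsets in image */
    size_t steps = 0;
    uint32_t off = first & ~(ROMFS_ALIGN - 1u);
    while (off != 0) {                    /* 0 terminates the chain */
        if (off > len || len - off < ROMFS_HDR_MIN)
            return -1;                    /* header outside the image */
        if (++steps > max_steps)
            return -1;                    /* more steps than offsets: a cycle */
        off = be32(img + off) & ~(ROMFS_ALIGN - 1u); /* drop low flag bits */
    }
    return (long)steps;
}

/* Constructed sample: three bare headers at offsets 16, 32 and 48 (no
 * superblock, names or data). `last_next` is the third header's next field. */
long sample_walk(uint32_t last_next) {
    uint8_t img[64];
    memset(img, 0, sizeof img);
    put_be32(img + 16, 32u | 2u);         /* low bits: type flags */
    put_be32(img + 32, 48u | 2u);
    put_be32(img + 48, last_next);
    return romfs_walk_chain(img, sizeof img, 16);
}

int main(void) {
    printf("terminated chain: %ld\n", sample_walk(0));
    printf("circular chain:   %ld\n", sample_walk(16));
    return 0;
}
```

The step bound works because a chain that visits more headers than there are aligned offsets in the image must have revisited one, so no per-offset bookkeeping is needed to reject the file.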
