Headline
CVE-2023-31102: 7-Zip / Discussion / Open Discussion: 7-Zip 23.00
7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.
- Home
- Browse
- 7-Zip
- Discussion
A free file archiver for extremely high compression
- Summary
- Files
- Reviews
- Support
- Wiki
- Tickets ▾
- Support Requests
- Patches
- Bugs
- Feature Requests
- News
- Discussion
Menu ▾ ▴
7-Zip 23.00
Created: 2023-05-07
Updated: 2023-09-27
7-Zip 23.00 (beta) was released.
Download
7-Zip for 64-bit Windows x64:
https://7-zip.org/a/7z2300-x64.exe7-Zip for 32-bit Windows x86:
https://7-zip.org/a/7z2300.exe7-Zip for 64-bit Windows ARM64:
https://7-zip.org/a/7z2300-arm64.exe7-Zip (console version) for 64-bit Linux x86-64 (AMD64):
https://7-zip.org/a/7z2300-linux-x64.tar.xz7-Zip (console version) for 32-bit Linux x86:
https://7-zip.org/a/7z2300-linux-x86.tar.xz7-Zip (console version) for 64-bit Linux ARM64:
https://7-zip.org/a/7z2300-linux-arm64.tar.xz7-Zip (console version) for 64-bit Linux ARM:
https://7-zip.org/a/7z2300-linux-arm.tar.xz7-Zip (console version) for macOS (ARM64 and x86-64):
https://7-zip.org/a/7z2300-mac.tar.xz7-Zip Extra: standalone console version, 7z DLL, Plugin for Far Manager:
https://www.7-zip.org/a/7z2300-extra.7zWhat’s new after 7-Zip 22.01:
- 7-Zip now can use new ARM64 filter for compression to 7z and xz archives. ARM64 filter can increase compression ratio for data containing executable files compiled for ARM64 (AArch64) architecture.
Also 7-Zip now parses executable files (that have exe and dll filename extensions) before compressing, and it selects appropriate filter for each parsed file:- BCJ or BCJ2 filter for x86 executable files,
- ARM64 filter for ARM64 executable files.
Previous versions by default used x86 filter BCJ or BCJ2 for all exe/dll files.
- Default section size for BCJ2 filter was changed from 64 MiB to 240 MiB. It can increase compression ratio for executable files larger than 64 MiB.
- UDF: support was improved.
- cpio: support for hard links.
- Some changes and optimizations in WIM creation code.
- When new 7-Zip creates multivolume archive, 7-Zip keeps in open state only volumes that still can be changed. Previous versions kept all volumes in open state until the end of the archive creation.
- 7-Zip for Linux and macOS now can reduce the number of simultaneously open files, when 7-Zip opens, extracts or creates multivolume archive. It allows to avoid the failures for cases with big number of volumes, bacause there is a limitation for number of open files allowed for a single program in Linux and macOS.
- There are optimizations in code for 7-Zip’s context menu in Explorer: the speed of preparing of the menu showing was improved for cases when big number of files were selected by external program for context menu that contains 7-Zip menu commands.
- There are changes in code for the drag-and-drop operations to and from 7-Zip File Manager.
And the drag-and-drop operation with right button of mouse now is supported for some cases. - The bugs were fixed:
- ZIP archives: if multithreaded zip compression was performed with more than one file to stdout stream (-so switch), 7-zip didn’t write “data descriptor” for some files.
- ext4 archives: 7-Zip couldn’t correctly extract symbolic link to directory from ext4 archives.
- HFS and APFS archives: 7-Zip incorrectly decoded uncompressed blocks (64 KiB) in compressed forks.
- Some another bugs were fixed.
Source code will be available later.
There are internal changes in source code across the whole code. So some new bugs are possible in this new version. That is why this version is marked as “beta” in this forum message.
If you see new bugs and problems that have appeared in this 23.00 version, please write about it in this forum thread.- 7-Zip now can use new ARM64 filter for compression to 7z and xz archives. ARM64 filter can increase compression ratio for data containing executable files compiled for ARM64 (AArch64) architecture.
Last edit: Igor Pavlov 2023-05-07
- Thanks, Igor, I can’t wait to test drive the new version.😃
Last edit: AlexS 2023-05-07
- -myx was changed.
7-Zip in default -myx5 mode now parses exe and dll files to select arm64 or x86 filter.
Also 7-Zip can select ia64 (Itanium) and armt (ARM-Thumb) filters. But these Itanium and ARM-Thumb exe and dll files now are rare cases.
- -myx was changed.
Last edit: Igor Pavlov 2023-05-07
Since the 7zz executable in the macOS archive above will only extract files correctly on versions of macOS that have a utimensat() system call, it would be better to describe that archive more precisely:
7-Zip (console version) for macOS 10.13 or newer (ARM64 and x86-64):
https://7-zip.org/a/7z2300-mac.tar.xzOn versions of macOS before 10.13, only the first file of an archive is extracted, and 7zz dies when trying to set the first extracted file’s timestamp with the missing utimensat() system call.
Last edit: Christian Carey 2023-05-08
- Here is updated English (United Kingdom) language.
- Hi, i updated my previous translation of brazilian portuguese for 23.00’s release.
Great!
Would be possible, for the next beta, to have an option to list supported archive files first, such as WinRar does?
- Thx for the new update, Igor.
Wow, one more update with the same boring interface from 25 years ago 🥱 Thanks for reminding us of Windows 98 when we open 7zip 😮💨
give him a break, he is a one man operation, as far as I know.
Funny, I was just thinking, wow, 24 years, and still creating amazing compression software, for free. The dedication is amazing. The interface is adequate for purpose. I use console version a lot as well as GUI, on Linux, Android (Termux), WSL, Windows. Everywhere I need (de)compression, automation, etc., 7-Zip is there for me, and I am grateful. If the GUI bothers you so much, get the source, modify it, share with others. Next time, try to write code for 24 years rather than complain for 24 years.
What a dumb comment, you get 7-Zip for free and post crap like this? Why don’t you just choose an alternative instead of spreading negative rubbish?
Last edit: str() 2023-05-09
* but that interface is good (Extract Here and Extract To "name\" are separate options)
- Last edit: HITCHER 2023-05-10
Hello Igor,
I don’t know if the topic has ever been discussed before. But is there any chance that 7zip will open and decompress lzip archives? I will be very grateful for your answer.
Best regards
WTno plans for lzip support now.
Thank you for the information.
Best regards,
WT
Hi, Witold,
other developers have created their own adaptations of 7-Zip to add the ability to decompress lzip archives:
- https://github.com/mcmilk/7-Zip-zstd — 7-Zip ZS 22.01 (the full installation, not the Zstandard codec plugin), only for Windows;
- https://download.savannah.gnu.org/releases/lzip/7zip/ — a set of source code patches for 7-Zip 16.04, which if you’re comfortable with compiling your own software, could be adapted to patching newer source code versions of 7-Zip. (That’s what the 7-Zip ZS developers have done.)
I haven’t tried either adaptation above. If you don’t use Windows and you’re not comfortable with compiling your own software, then continuing to use a standalone lzip program could be the simplest option.
Thank you for your tip, Christian. I have tried the ZS edition. It suits me very well :-) It works very nicely under Windows desktop.
Best regards,
WT
On the About 7-Zip dialog, the version says 23.00, but it doesn’t say 23.00 beta.
- “beta” marker of 23.00 is mentioned only here at forum.
So it’s just additional warning for user before dowloading.
It can show to potential user that the code is new, and it’s not so robust is final “non-beta” releases.
Next version of 7-Zip will be “23.01” or "23.01 beta".
There will be no any another “non-beta” 23.00.
- “beta” marker of 23.00 is mentioned only here at forum.
Thanks for a great tool with a clean and easy interface!
One tiny wish: the cmd 7za version with the -stl switch: ‘set archive timestamp from the most recently modified file’ uses a folder stamp, if the folder is more recent than the most recent file stamp. Not a big thing but sometimes it is very useful to get the most recent modified file stamp instead as originally intended.
Please keep up the good work.- -xtd switch can exclude directory metadata records from processing, if you don’t need them by some reason.
Log in to post a comment.