Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
www.securityfocus.com/bid/90531
www.securitytracker.com/id/1035876
www.talosintel.com/reports/TALOS-2016-0093/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/
security.gentoo.org/glsa/201701-27