- Twitter user posts about alleged zero-day vulnerability in 7-Zip software
- However, 7-Zip's creator was quick to expose the flaw as fake
- Igor Pavlov says AI hallucinations are to blame and the flaw is not legitimate
As a New Year’s gift, a Twitter user posted details of a zero-day vulnerability in the popular file compression software 7-Zip – but its creator, Igor Pavlov, quickly exposed it as an artificial intelligence hoax.
“The general conclusion is that the fake vulnerability code from Twitter was generated by LLM (AI),” he said in a comment on the software repository Sourceforge.net (via Tom’s Hardcore).
Pavlov went on to say that the exploit code was essentially the product of an LLM hallucination – artificial intelligence making things up, which has become a common occurrence as artificial intelligence becomes more widespread.
7-Zip Exploit Code Illusion
Comments in the “fake” code include the following statement: “This exploit targets a buffer overflow condition in the LZMA decoder of the 7-Zip software.”
“But there is no RC_NORM function in [the] LZMA decoder. In contrast, 7-Zip includes the RC_NORM macro in the LZMA encoder and PPMD decoder. Therefore, the LZMA decoding code does not call RC_NORM. And the statement about RC_NORM in the vulnerability comment is incorrect.”
We have no reason not to believe that what Pavlov said is true: 7-Zip is open source, for starters, so anyone can verify his claims.
While we won’t name the Twitter user responsible for spreading the rumor or link to the tweet, we will say that it sounds like a cowardly attempt to gain attention on the internet – which, we know, is unthinkable – considering the user claims to be running a week-long software zero-day exposure campaign to “thank all new trackers.”
This may seem like the stormiest teacup imaginable, but maybe you’ll hear from us again in a week.