--- p7zip_9.38.1.orig/CPP/7zip/Archive/7z/7zIn.cpp	2015-01-05 18:38:01.000000000 +0000
+++ p7zip_9.38.1/CPP/7zip/Archive/7z/7zIn.cpp	2016-12-05 08:04:52.872042682 +0000
@@ -1142,7 +1142,8 @@
       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
         ThrowIncorrect();
   }
-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
+  if (folders.PackPositions) // this line is fixing CVE-2016-9296 (https://sourceforge.net/p/p7zip/bugs/185)
+    HeadersSize += folders.PackPositions[folders.NumPackStreams];
   return S_OK;
 }