I was wondering what it means to have a security exploit in a library that is used by our application.

For instance we are using 7-zip for compression in our application (for instance to create backup files), which we install through our setup program in a folder together with our application. We don't actually install 7-zip application, but just copy the libraries that are then used by our application.

As an example, there were security updates for 7-zip in the past because of vulnerabilities (https://www.groovypost.com/news/serious-security-exploits-found-in-7-zip-update-available/)

What would that mean for our application, if we won't update the 7-zip libraries on time, how would an attacker be able to take advantage of those libraries to exist in our application folder? I am not sure if the fact that these libraries are only used from our application don't pose a security risk, because they are actually not used directly by the user, or does the simple fact of their existance already give an attacker the possibility to exploit those vulnerabilities?