CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
EPSS: 0.259 Low (Percentile: 96.7%)

Package : unzip
Version : 6.0-4+deb6u2
CVE ID : CVE-2014-8139 CVE-2014-9636
Debian Bug : 775640 776589

A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive, an attacker can trigger a heap overflow, resulting
in an application crash or possibly having other unspecified impact.

Additionally, this update corrects a defective patch applied to address
CVE-2014-8139, which caused a regression with executable jar files.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | unzip | < 6.0-4+deb6u2 | unzip_6.0-4+deb6u2_all.deb |
Debian | 7 | i386 | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_i386.deb |
Debian | 7 | sparc | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_sparc.deb |
Debian | 7 | armhf | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_armhf.deb |
Debian | 7 | armel | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_armel.deb |
Debian | 7 | mips | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_mips.deb |
Debian | 7 | amd64 | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_amd64.deb |
Debian | 7 | all | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_all.deb |
Debian | 7 | ia64 | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_ia64.deb |
Debian | 7 | powerpc | unzip | < 6.0-8+deb7u2 | unzip_6.0-8+deb7u2_powerpc.deb |