zziplib - multiple vulnerabilities

NIST reports (by search in the range 2017/01/01 - 2018/07/06):

17 security fixes in this release:

Heap-based buffer overflow in the __zzip_get32 function in fetch.c.
Heap-based buffer overflow in the __zzip_get64 function in fetch.c.
Heap-based buffer overflow in the zzip_mem_entry_extra_block function
in memdisk.c.
The zzip_mem_entry_new function in memdisk.c allows remote attackers
to cause a denial of service (out-of-bounds read and crash) via a
crafted ZIP file.
The prescan_entry function in fseeko.c allows remote attackers to cause
a denial of service (NULL pointer dereference and crash) via crafted
ZIP file.
The zzip_mem_entry_new function in memdisk.c cause a NULL pointer
dereference and crash via a crafted ZIP file.
seeko.c cause a denial of service (assertion failure and crash) via a
crafted ZIP file.
A segmentation fault caused by invalid memory access in the
zzip_disk_fread function because the size variable is not validated
against the amount of file->stored data.
A memory alignment error and bus error in the __zzip_fetch_disk_trailer
function of zzip/zip.c.
A bus error caused by loading of a misaligned address in the
zzip_disk_findfirst function.
An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory
function.
An invalid memory address dereference was discovered in zzip_disk_fread
in mmapped.c.
A memory leak triggered in the function zzip_mem_disk_new in
memdisk.c.