unzip -- multiple vulnerabilities

2015-09-26T00:00:00
ID 86C3C66E-B2F5-11E5-863A-B499BAEBFEAF
Type freebsd
Reporter FreeBSD
Modified 2015-09-26T00:00:00

Description

Gustavo Grieco reports:

Two issues were found in unzip 6.0: * A heap overflow triggered by unzipping a file with password (e.g unzip -p -P x sigsegv.zip). * A denegation of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip).