libzip -- denial of service

2017-09-01T00:00:00
ID B2952517-07E5-4D19-8850-21C5B7E0623F
Type freebsd
Reporter FreeBSD
Modified 2017-09-01T00:00:00

Description

libzip developers report:

The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
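A parser can sanity-check the ZIP64 EOCD record's fields before using them to size a central-directory allocation. The following is an added example, not libzip's code and not its 1.3.0 fix; the names `check_eocd64` and `make_eocd64` are hypothetical, and the field offsets are those of the ZIP64 end-of-central-directory record in the ZIP format specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define EOCD64_LEN  56u  /* fixed part of the ZIP64 EOCD record */
#define CDH_MIN_LEN 46u  /* smallest possible central directory header */
enum eocd64_status { EOCD64_OK, EOCD64_SHORT, EOCD64_BAD_MAGIC,
                     EOCD64_CDIR_RANGE, EOCD64_ENTRY_COUNT };
static const uint8_t EOCD64_MAGIC[4] = { 'P', 'K', 0x06, 0x06 };

/* Little-endian 64-bit read/write without alignment assumptions. */
static uint64_t get64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void put64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) { p[i] = (uint8_t)(v & 0xff); v >>= 8; }
}

/* Hypothetical helper: validate the record found at file offset eocd64_off.
 * Only on EOCD64_OK is *entries set, to a count bounded by the directory size. */
enum eocd64_status check_eocd64(const uint8_t *rec, size_t len,
                                uint64_t eocd64_off, uint64_t *entries) {
    if (len < EOCD64_LEN) return EOCD64_SHORT;
    if (memcmp(rec, EOCD64_MAGIC, 4) != 0) return EOCD64_BAD_MAGIC;
    uint64_t total   = get64(rec + 32);  /* total number of entries */
    uint64_t cd_size = get64(rec + 40);  /* central directory size */
    uint64_t cd_off  = get64(rec + 48);  /* central directory offset */
    /* Directory must end at or before this record (no wrap on cd_off + cd_size). */
    if (cd_off > eocd64_off || cd_size > eocd64_off - cd_off)
        return EOCD64_CDIR_RANGE;
    /* A directory of cd_size bytes cannot hold more than cd_size/46 entries. */
    if (total > cd_size / CDH_MIN_LEN) return EOCD64_ENTRY_COUNT;
    *entries = total;
    return EOCD64_OK;
}

/* Builds a constructed sample record for exercising the check. */
void make_eocd64(uint8_t out[EOCD64_LEN], uint64_t total,
                 uint64_t cd_size, uint64_t cd_off) {
    memset(out, 0, EOCD64_LEN);
    memcpy(out, EOCD64_MAGIC, 4);
    put64(out + 4, EOCD64_LEN - 12);  /* record size excludes first 12 bytes */
    put64(out + 24, total);           /* entries on this disk */
    put64(out + 32, total);
    put64(out + 40, cd_size);
    put64(out + 48, cd_off);
}
```

Rejecting the record before any allocation keeps an inconsistent entry count or directory range from reaching the allocator at all.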