24 matches found
Amazon Linux 2 : zziplib (ALAS-2024-2689)
The version of zziplib installed on the remote host is prior to 0.13.62-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2689 advisory. An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a...
SUSE CVE-2017-5978
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file...
SUSE CVE-2017-5977
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file...
Advisory ROSA-SA-2021-2006
Software: zziplib 0.13.62. OS: Cobalt 7.9. CVE-ID: CVE-2017-5977. CVE-Crit: MEDIUM. CVE-DESC: The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. CVE-STATUS: default. CVE-REV:...
DEBIAN-CVE-2017-5979
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file...
CVE-2017-5977
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file...
CVE-2017-5980
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file...
CVE-2017-5979
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file...
CVE-2017-5976
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file...
CVE-2017-5978
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file...
Code injection
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file...
Out-of-bounds Read
Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP...
Heap overflow
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference. seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. Remediation: There is no fixed version for zziplib. References: - Blogs.gentoo.or...
Design/Logic Flaw
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file...
NULL Pointer Dereference
Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference. The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP...
CVE-2017-5980
CVE-2017-5980 concerns zziplib 0.13.62, where the memdisk.c function zzip_mem_entry_new may dereference a NULL pointer when processing a crafted ZIP file, leading to a crash. The vulnerability is triggered by a malformed archive and is described across multiple advisories (e.g., Debian DLA-994-1,...
CVE-2017-5981
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file...
CVE-2017-5978
CVE-2017-5978 affects zziplib 0.13.62; the zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. Upstream fixes exist in 0.13.67 and several distros patched to mitigate, e.g., Debian, Arch, Mageia.