Astra Linux – Vulnerability in zziplib

The infinite loop in zziplib v0.13.69 allows remote attackers to cause a denial of service by using the return value “zzipfileread” in the function “unzzipcatfile”...

Linux Distros Unpatched Vulnerability : CVE-2018-6542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ZZIPlib 0.13.67, there is a bus error when handling a disk64trailer seek value caused by loading of a misaligned address in the zzipdiskfindfirst function of...

The vulnerability of the __zzip_fetch_disk_trailer() function in the /zzip/zip.c component of the ZZIPlib compression library allows a hacker to induce a service failure.

The vulnerability of the zzipFetchFetchDiskTrailer function in the /zzip/zip.c component of the ZZIPlib compression library is related to the copying of buffers without checking the input data. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

ZZIPlib security vulnerability

ZZIPlib is a compressed document extraction library. A security vulnerability exists in ZZIPlib version v0.13.77, which stems from a denial of service vulnerability in the zzipfetchdisktrailer function of the /zzip/zip.c file...

SUSE CVE-2007-1614

Stack-based buffer overflow in the zzipopensharedio function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a long filename...

SUSE CVE-2017-5976

Heap-based buffer overflow in the zzipmementryextrablock function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service crash via a crafted ZIP file...

SUSE CVE-2017-5977

The zzipmementryextrablock function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service invalid memory read and crash via a crafted ZIP file...

SUSE CVE-2018-6381

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzipdiskfread function zzip/mmapped.c because the size variable is not validated against the amount of...

SUSE CVE-2018-16548

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function zzipparserootdirectory in zip.c, which will lead to a denial of service attack...

UBUNTU-CVE-2020-18442

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzipfileread" in the function "unzzipcatfile"...

The vulnerability of the zzip_disk_fread function in the ZZIPlib library, related to the occurrence of operations outside the buffer’s boundaries, allows a hacker to cause a service failure.

The vulnerability of the zzipdiskfread function in the ZZIPlib compression library is related to the occurrence of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially created zip file...

The vulnerability of the `__zzip_parse_root_directory` function in the ZZIPlib compression library, related to the occurrence of operations outside the buffer’s boundaries, allows a hacker to trigger a service failure.

The vulnerability of the zzipparserootdirectory function in the ZZIPlib compression library is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using a specially created zip file...

The vulnerability of the zzip_mem_entry_new() function in the ZZIPlib compression library, which allows a hacker to cause a service failure

The vulnerability of the zzipmementrynew function zzip/memdisk.c in the ZZIPlib compression library is related to the operation exceeding the permissible buffer data size. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip

A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. Local attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...

DEBIAN-CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

UBUNTU-CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

DEBIAN-CVE-2018-16548

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function zzipparserootdirectory in zip.c, which will lead to a denial of service attack...

UBUNTU-CVE-2018-7727

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzipmemdisknew in memdisk.c, which will lead to a denial of service attack...

UBUNTU-CVE-2018-7726

An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the zzipparserootdirectory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...

DEBIAN-CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the zzipparserootdirectory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...