3 matches found
CVE-2026-39244
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
@lowzonenose/jsonp (>=0.0.1 <=0.0.3), @magnolia/cli (>=3.0.5 <=3.0.6) +184 more potentially affected by CVE-2018-1002204 via adm-zip (>=0.1.4 <=0.4.10)
adm-zip NPM version =0.1.4, =0.0.1, =3.0.5, =0.4.0, =0.1.3, =0.0.2, =0.0.4, =0.0.9, =0.10.0, =0.3.5, =1.0.13, =0.4.0, =0.1.0, =0.1.1 - attester =2.5.3 and more Source cves: CVE-2018-1002204 Source advisory: OSV:GHSA-3V6H-HQM4-2RG6...
Arbitrary File Write
adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...