19 matches found
CVE-2017-12858
creationtimestamp| type| source ---|---|--- 2021-02-09 22:46:35+00:00| seen| https://t.me/VulnerabilityNews/20175...
Double free
A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...
CVE-2019-17582
A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...
Fedora 27 : libzip (2017-7bd193c0ed)
Version 1.3.0 It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are : - Support bzip2 compressed zip archives - Improve file progress callback code - Fix zipfdopen - CVE-2017-12858: Fix doubl...
[ASA-201711-13] libzip: arbitrary code execution
Arch Linux Security Advisory ASA-201711-13 ========================================== Severity: High Date : 2017-11-07 CVE-ID : CVE-2017-12858 Package : libzip Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-390 Summary ======= The package libzip before...
Fedora Update for mingw-libzip FEDORA-2017-f0b31bc9c5
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 26 : libzip (2017-840db88351)
Version 1.3.0 It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are : - Support bzip2 compressed zip archives - Improve file progress callback code - Fix zipfdopen - CVE-2017-12858: Fix doubl...
Fedora 25 : mingw-libzip (2017-f0b31bc9c5)
This update fixes CVE-2017-12858. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 26 : mingw-libzip (2017-5617ab3b38)
This update fixes CVE-2017-12858. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora Update for mingw-libzip FEDORA-2017-5617ab3b38
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
CVE-2017-12858 is a double-free vulnerability in libzip’s _zip_dirent_read (zip_dirent.c) that allows arbitrary code execution via crafted ZIP archives. Arch Linux ASA-201711-13 and Fedora advisories confirm the impact as remote arbitrary code execution and indicate upstream fix in libzip 1.3.0. ...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
Internet Bug Bounty: CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()
libzip is a C library for reading, creating, and modifying zip archives. A partial list of projects using libzip include: Plex Home Theater, MySQL Workbench, ckmame, fuse-zip, lua-zip, php zip extension, zipruby, Endeavour2, FreeDink, DeaDBeeF vfszip plugin, OpenLierox, ebook-tools, PDF Expert,...