Lucene search
K

19 matches found

Circl
Circl
added 2021/02/09 10:46 p.m.5 views

CVE-2017-12858

creationtimestamp| type| source ---|---|--- 2021-02-09 22:46:35+00:00| seen| https://t.me/VulnerabilityNews/20175...

9.8CVSS6.7AI score0.03703EPSS
Exploits0References1
Prion
Prion
added 2021/02/09 7:15 p.m.23 views

Double free

A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...

7.5CVSS9.4AI score0.03703EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/02/09 6:7 p.m.26 views

CVE-2019-17582

A use-after-free in the zipdirentread function of zipdirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...

9.8CVSS6.7AI score0.02451EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.31 views

Fedora 27 : libzip (2017-7bd193c0ed)

Version 1.3.0 It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are : - Support bzip2 compressed zip archives - Improve file progress callback code - Fix zipfdopen - CVE-2017-12858: Fix doubl...

9.8CVSS6.2AI score0.03703EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2017/11/07 12:0 a.m.33 views

[ASA-201711-13] libzip: arbitrary code execution

Arch Linux Security Advisory ASA-201711-13 ========================================== Severity: High Date : 2017-11-07 CVE-ID : CVE-2017-12858 Package : libzip Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-390 Summary ======= The package libzip before...

9.8CVSS2.1AI score0.03703EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/09/07 12:0 a.m.16 views

Fedora Update for mingw-libzip FEDORA-2017-f0b31bc9c5

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.03703EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/09/07 12:0 a.m.23 views

Fedora 26 : libzip (2017-840db88351)

Version 1.3.0 It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are : - Support bzip2 compressed zip archives - Improve file progress callback code - Fix zipfdopen - CVE-2017-12858: Fix doubl...

9.8CVSS6.2AI score0.03703EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/09/07 12:0 a.m.26 views

Fedora 25 : mingw-libzip (2017-f0b31bc9c5)

This update fixes CVE-2017-12858. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

9.8CVSS6.9AI score0.03703EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/09/01 12:0 a.m.22 views

Fedora 26 : mingw-libzip (2017-5617ab3b38)

This update fixes CVE-2017-12858. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

9.8CVSS6.9AI score0.03703EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/09/01 12:0 a.m.21 views

Fedora Update for mingw-libzip FEDORA-2017-5617ab3b38

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.03703EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/08/23 7:18 p.m.32 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.8CVSS7.7AI score0.03703EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/08/23 2:29 p.m.25 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.8CVSS6.8AI score0.03703EPSS
Exploits0References2
OSV
OSV
added 2017/08/23 2:29 p.m.21 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.8CVSS7AI score0.03703EPSS
Exploits0References2
NVD
NVD
added 2017/08/23 2:29 p.m.19 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.8CVSS9.6AI score0.03703EPSS
Exploits0References2
CVE
CVE
added 2017/08/23 2:0 p.m.108 views

CVE-2017-12858

CVE-2017-12858 is a double-free vulnerability in libzip’s _zip_dirent_read (zip_dirent.c) that allows arbitrary code execution via crafted ZIP archives. Arch Linux ASA-201711-13 and Fedora advisories confirm the impact as remote arbitrary code execution and indicate upstream fix in libzip 1.3.0. ...

9.8CVSS9.4AI score0.03703EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/08/23 2:0 p.m.38 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.6AI score0.03703EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/08/23 2:0 p.m.26 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.8CVSS6.9AI score0.03703EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/08/23 2:0 p.m.41 views

CVE-2017-12858

Double free vulnerability in the zipdirentread function in zipdirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

9.8CVSS9.7AI score0.03703EPSS
Exploits0
Hacker One
Hacker One
added 2017/08/15 4:29 p.m.40 views

Internet Bug Bounty: CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()

libzip is a C library for reading, creating, and modifying zip archives. A partial list of projects using libzip include: Plex Home Theater, MySQL Workbench, ckmame, fuse-zip, lua-zip, php zip extension, zipruby, Endeavour2, FreeDink, DeaDBeeF vfszip plugin, OpenLierox, ebook-tools, PDF Expert,...

7.5CVSS8.9AI score0.03703EPSS
Exploits0
Rows per page
Query Builder