CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4811-1 advisory. It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service...

6.5CVSS5.8AI score0.00568EPSS

Exploits0References2

Positive Technologies•added 2023/01/25 12:0 a.m.•2 views

PT-2023-35773 · Git +1 · Libzip

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

6.9AI score

Exploits0References2

OSV•added 2021/03/15 9:44 p.m.•0 views

USN-4811-1 libzip vulnerability

It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service...

6.5CVSS6.4AI score0.00568EPSS

Exploits0References2

RedhatCVE•added 2017/09/06 3:18 p.m.•24 views

CVE-2017-14107

The zipreadeocd64 function in zipopen.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service memory allocation failure in zipcdirgrow in zipdirent.c via a crafted ZIP archive...

6.5CVSS5.1AI score0.00568EPSS

Exploits0References1

CVE•added 2017/09/01 5:0 p.m.•139 views

CVE-2017-14107

CVE-2017-14107 affects libzip’s zip_open.c _zip_read_eocd64 logic prior to version 1.3.0. A crafted ZIP archive can trigger a denial of service via memory allocation failure in _zip_cdir_grow in zip_dirent.c. Several connected sources confirm this issue and indicate the fix is to upgrade to libzi...

6.5CVSS6.1AI score0.00568EPSS

Exploits0References3Affected Software1

OSV•added 2012/07/12 8:55 p.m.•4 views

CVE-2012-1163

Integer overflow in the zipreadcdir function in zipopen.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an...

7.9AI score

Exploits0References6

OSV•added 2012/07/12 8:55 p.m.•4 views

CVE-2012-1162

Heap-based buffer overflow in the zipreadcdir function in zipopen.c in libzip 0.10 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."...

7.9AI score

Exploits0References6