221 matches found
CVE-2017-12858
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
Double free
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors...
CVE-2017-12858
CVE-2017-12858 is a double-free vulnerability in libzip’s _zip_dirent_read (zip_dirent.c) that allows arbitrary code execution via crafted ZIP archives. Arch Linux ASA-201711-13 and Fedora advisories confirm the impact as remote arbitrary code execution and indicate upstream fix in libzip 1.3.0. ...
Internet Bug Bounty: CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()
libzip is a C library for reading, creating, and modifying zip archives. A partial list of projects using libzip includes: Plex Home Theater, MySQL Workbench, ckmame, fuse-zip, lua-zip, php zip extension, zipruby, Endeavour2, FreeDink, DeaDBeeF vfszip plugin, OpenLierox, ebook-tools, PDF Expert,...
Debian DLA-846-1 : libzip-ruby security update
It was discovered that libzip-ruby, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. For Debian 7 'Wheezy'...
[SECURITY] [DLA 846-1] libzip-ruby security update
Package : libzip-ruby Version : 0.9.4-1+deb7u1 CVE ID : CVE-2017-5946 Debian Bug : 856269 It was discovered that libzip-ruby, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files...
DLA-846-1 libzip-ruby - security update
Bulletin has no description...
Analyze Suspected Malware Documents: QuickSand
QuickSand is a compact C framework to analyze suspected malware documents to 1) identify exploits in streams of different encodings, 2) locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detec...
[SECURITY] Fedora 24 Update: nodejs-zipfile-0.5.9-7.fc24
Bindings to libzip for handling zipfile archives in Node.js...
Fedora 23 : php-pecl-zip-1.13.1-1.fc23 (2015-15273)
Upstream change, Version 1.13 update bundled libzip to 1.0.1 Remi, Anatol new methods for ZipArchive: setCompressionName, setCompressionIndex Cedric Delmas allow to build with PHP 7 Fixed bug 70350 ZipArchive::extractTo allows for directory traversal when creating directories. neal at fb dot com...
Amazon Linux: Security Advisory (ALAS-2015-506)
The remote host is missing an update for the...
Fedora Update for libzip FEDORA-2015-4553
The remote host is missing an update for the...
Fedora Update for mingw-libzip FEDORA-2015-4559
The remote host is missing an update for the...
SUSE SLED12 / SLES12 Security Update : libzip (SUSE-SU-2015:0668-1)
Libzip was updated to fix one security issue. A zip file with an unusually large number of entries could have caused an integer overflow leading to a write past the heap boundary, crashing the application (CVE-2015-2331, bnc#923240). Note that Tenable Network Security has extracted the preceding...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libzip package up to version 0.10.1 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Fedora 21 : libzip-0.11.2-5.fc21 (2015-4699)
CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...