221 matches found
Fedora 22 : mingw-libzip-0.11.2-3.fc22 (2015-4559)
Security fix for CVE-2015-2331. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...
[SECURITY] Fedora 22 Update: mingw-libzip-0.11.2-3.fc22
libzip is a C library for reading, creating, and modifying zip archives. Files can be added from data buffers, files, or compressed data copied directly from other zip archives. Changes made without closing the archive can be reverted. The API is documented by man pages...
PHP ZIP extension _zip_cdir_new function integer overflow vulnerability
PHP is a popular programming language. An integer overflow vulnerability in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2, used in the PHP ZIP extension, allows remote attackers to crash an application or execute arbitrary code via a specially crafted ZIP archive...
CVE-2015-2331
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...
CVE-2015-2331
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...
DEBIAN-CVE-2015-2331
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...
CVE-2015-2331
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...
Integer overflow
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...
UBUNTU-CVE-2015-2331
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...
CVE-2015-2331
CVE-2015-2331: Integer overflow in libzip’s _zip_cdir_new (zip_dirent.c) used by PHP ZIP extension. Affected: libzip
Mandriva Linux Security Advisory : php (MDVSA-2015:079)
Multiple vulnerabilities have been discovered and corrected in php: S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...
openSUSE Security Update : libzip (openSUSE-2015-265)
Libzip was updated to fix one security issue. A zip file with an unusually large number of entries could have caused an integer overflow leading to a write past the heap boundary, crashing the application. (CVE-2015-2331 bnc#923240) (C) Tenable Network Security, Inc. The descriptiv...
FreeBSD : libzip -- integer overflow (264749ae-d565-11e4-b545-00269ee29e57)
libzip developers report: Avoid integer overflow. Fixed similarly to patch used in PHP copy of libzip. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques Vidrine...
php: integer overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or,...
SUSE-SU-2015:0668-1 Security update for libzip
Libzip was updated to fix one security issue. A zip file with an unusually large number of entries could have caused an integer overflow leading to a write past the heap boundary, crashing the application. (CVE-2015-2331 bnc#923240)...
Internet Bug Bounty: ZIP Integer Overflow leads to writing past heap boundary
https://bugs.php.net/bug.php?id=69253 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service...
libzip -- integer overflow
libzip developers report: Avoid integer overflow. Fixed similarly to patch used in PHP copy of libzip...
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
No description provided by source. Source: http://securityreason.com/securityalert/8146 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CER...
openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)
Empty zip archives could crash programs using libzip (CVE-2011-0421). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libzip-devel-4188. The text description of this plugin is (C) SUSE LLC...
openSUSE Security Update : libzip (openSUSE-SU-2012:0416-1)
2 vulnerabilities were discovered for the libzip packages in openSUSE version 12.1. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-176. The text description of this plugin is (C)...