GLSA-201203-23 : libzip: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201203-23 libzip: Multiple vulnerabilities Two vulnerabilities have been found in the 'zipreadcdir' function in zipopen.c of libzip: An incorrect loop construct, which could cause a heap-based buffer overflow CVE-2012-1162. An...

Gentoo Security Advisory GLSA 201203-23 (libzip)

The remote host is missing updates announced in advisory GLSA 201203-23. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

Gentoo Security Advisory GLSA 201203-23 (libzip)

The remote host is missing updates announced in advisory GLSA 201203-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

[SECURITY] Fedora 17 Update: libzip-0.10.1-1.fc17

libzip is a C library for reading, creating, and modifying zip archives. Fi les can be added from data buffers, files, or compressed data copied directly f rom other zip archives. Changes made without closing the archive can be reverte d. The API is documented by man pages...

Fedora 17 : libzip-0.10.1-1.fc17 (2012-4485)

Upstream changelog : - Fixed CVE-2012-1162 - Fixed CVE-2012-1163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip

PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-02 Released on: 21st March 2012 Affected products: libzip = 0.10 PHP 5.4.0 PHP = 5.3.10 zipruby = 0.3.6 Impact: heap overflow, information leak Credit: - Thomas Klausner - Timo Warns PRESENSE Technologies GmbH CVE...

libzip: Multiple vulnerabilities

Background libzip is a library for manipulating zip archives. Description Two vulnerabilities have been found in the "zipreadcdir" function in zipopen.c of libzip: An incorrect loop construct, which could cause a heap-based buffer overflow CVE-2012-1162. An integer overflow, which may not restric...

[ MDVSA-2012:034 ] libzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:034 http://www.mandriva.com/security/ Package : libzip Date : March 23, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in libzi...

libzip 0.1 "_zip_readcdir()" 函数缓冲器溢出漏洞(CVE-2012-1162)

BUGTRAQ ID: 52658 CVE ID: CVE-2012-1162 libzip是读取、创建和修改zip文档的库 libzip在处理目录项数时， "zipreadcdir" 函数中存在错误，通过特制的ZIP文件，可造成堆缓冲器溢出，导致在受影响应用程序中执行任意代码 0 libzip 0.1 厂商补丁： libzip ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://nih.at/libzip/index.html...

Mandriva Linux Security Advisory : libzip (MDVSA-2012:034)

Multiple vulnerabilities has been found and corrected in libzip : libzip version = 0.10 uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files CVE-2012-1162. libzip version = 0.10 has a numeric overflow condition, which, for example, results in improper...

Mandriva Update for libzip MDVSA-2011:099 (libzip)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for libzip MDVSA-2011:099 (libzip)

Check for the Version of libzip OpenVAS Vulnerability Test Mandriva Update for libzip MDVSA-2011:099 libzip Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)

A vulnerability has been identified and fixed in libzip : The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service application cras...

openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)

empty zip archives could crash programs using libzip CVE-2011-0421. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libzip-devel-4188. The text description of this plugin is C SUSE LLC...

libzip 0.9.3 _zip_name_locate空指针引用(incl PHP 5.3.5)

CVE ID: CVE-2011-0421 libzip是读取、创建和修改zip文档的库。 libzip 0.9.3 zipnamelocate在实现上存在空指针引用漏洞，远程攻击者可利用此漏洞进行拒绝服务。 设置ZIPFLUNCHANGED标签后，libzip可使远程和本地攻击者进行拒绝服务攻击。对于空zip文件和ZIPFLUNCHANGED旗标，libzip会发生崩溃。目前对于PHP，安全影响只是远程拒绝服务。 PHP PHP 5.3.5 libzip libzip 0.9.3 厂商补丁： libzip ------...

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 fixed 5.3.6 Original URL:...

libzip library / PHP DoS

NULL pointer dereference in zipnamelocate...

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

Exploit for linux platform in category dos / poc libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU325039 Affected Software: - libzip...

PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference

PHP 5.3.5 libzip 0.9.3 - zipnamelocate Null Pointer Dereference Source: http://securityreason.com/securityalert/8146 libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.:...

libzip 0.9.3 NULL Pointer Dereference

libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 fixed 5.3.6 Original URL:...