157 matches found
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
NewStart CGSL CORE 5.05 / MAIN 5.05 : zlib Vulnerability (NS-SA-2023-0021)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has zlib packages installed that are affected by a vulnerability: - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 Note that Nessus has no...
Amazon Linux 2023 : minizip-compat, minizip-compat-devel, zlib (ALAS2023-2023-003)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-003 advisory. An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large numbe...
CentOS: Security Advisory for minizip (CESA-2023:1095)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
minizip, zlib security update
CentOS Errata and Security Advisory CESA-2023:1095 An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CentOS: Security Advisory for minizip (CESA-2022:2213)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
minizip, zlib security update
CentOS Errata and Security Advisory CESA-2022:2213 An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
openSUSE 15 Security Update : zlib (openSUSE-SU-2022:1061-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:1061-1 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 Note that...
minizip:unzip_fuzzer: Stack-buffer-overflow in crc32_z
Project: https://github.com/nmoinvaz/minizip.git Detailed Report: https://oss-fuzz.com/testcase?key=5766806240493568 Project: minizip Fuzzing Engine: libFuzzer Fuzz Target: unzipfuzzer Job Type: libfuzzerasani386minizip Platform Id: linux Crash Type: Stack-buffer-overflow READ 4 Crash Address:...
minizip:unzip_fuzzer: Stack-buffer-overflow in crc32_z
Project: https://github.com/nmoinvaz/minizip.git Detailed Report: https://oss-fuzz.com/testcase?key=5737646432452608 Project: minizip Fuzzing Engine: afl Fuzz Target: unzipfuzzer Job Type: aflasanminizip Platform Id: linux Crash Type: Stack-buffer-overflow READ 4 Crash Address: 0x7ffe99ff1360 Cra...
minizip/unzip_fuzzer: Index-out-of-bounds in BZ2_decompress
Project: https://github.com/nmoinvaz/minizip.git Detailed report: https://oss-fuzz.com/testcase?key=5714988497371136 Project: minizip Fuzzer: libFuzzerminizipunzipfuzzer Fuzz target binary: unzipfuzzer Job Type: libfuzzerubsanminizip Platform Id: linux Crash Type: Index-out-of-bounds Crash Addres...
minizip/unzip_fuzzer: Use-of-uninitialized-value in mz_zip_entry_read_header
Project: https://github.com/nmoinvaz/minizip.git Detailed report: https://oss-fuzz.com/testcase?key=5707718795460608 Project: minizip Fuzzer: libFuzzerminizipunzipfuzzer Fuzz target binary: unzipfuzzer Job Type: libfuzzermsanminizip Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
Directory traversal
Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
CVE-2014-9485
Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
DEBIAN-CVE-2014-9485
Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
UBUNTU-CVE-2014-9485
Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
CVE-2014-9485
Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...