8 matches found
PT-2026-57215
Name of the Vulnerable Software and Affected Versions adm-zip versions prior to 0.5.18 Description A denial-of-service issue exists when parsing crafted ZIP files with a manipulated uncompressed size header field. The library allocates memory based on the declared uncompressed size from the ZIP...
CVE-2025-14009
The CVE describes a critical remote code execution flaw in the nltk/nltk project, via the downloader component. The vulnerable code path is in _unzip_iter within nltk/downloader.py, which calls zipfile.extractall() without path validation or security checks, allowing a malicious zip package to ex...
EUVD-2022-28867
Malicious code in bioql PyPI...
PT-2025-11214
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.1198 Description: The issue concerns potential data loss when using Vim with the zip.vim plugin and specially crafted zip files. The impact is considered medium as it requires a user to view the malicious archive wit...
PT-2024-36562
Name of the Vulnerable Software and Affected Versions python-libarchive versions 4.2.1 and earlier Description The issue allows directory traversal, enabling the creation of files in extract in zip.py for ZipFile.extractall and ZipFile.extract functions. This can be exploited to create files...
SUSE CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...
Design/Logic Flaw
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...
CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs...