apache-commons-compress: Infinite loop in name encoding algorithm

A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attack...

UBUNTU-CVE-2016-3620

The ZIPEncode function in tifzip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service buffer over-read via a crafted BMP image...