3 matches found
GHSA-JF2Q-463C-6F52 androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)
Summary generateZipPath constructs zip entry names for collected APKs using device controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...
CVE-2013-0742
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a long ZIP directory entry name in an XPS file...
UBUNTU-CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...