47 matches found
UBUNTU-CVE-2025-61728
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Malicious Package
Overview: com.unity.sharp-zip-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
EUVD-2025-199914
Malicious code in com.unity.sharp-zip-lib npm...
ALSA-2025:20838 Moderate: zziplib security update
The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: directory traversal in unzzipcat in the bins/unzzipcat-mem.c (CVE-2018-17828). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
ABB PCM600
SUMMARY: An update is available that resolves vulnerability in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability could insert and run arbitrary code in the system. 2. MITIGATING FACTORS: Mitigating factors describe conditions and...
EUVD-2018-0219
Malicious code in bioql PyPI...
Oracle Linux 9 : python-zipp (ELSA-2025-38828)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-38828 advisory. 3.20.1-2 - Make package buildable for epel=9; 3.20.1-1 - Update to 3.20.1 rhbz2307990; 3.20.0-1 - Update to 3.20.0 rhbz2304028; 3.19.2-3 - Rebuilt for...
MAL-2025-20103 Malicious code in ext-zip (npm)
The package ext-zip was found to contain malicious code...
Archive::Unzip::Burst security vulnerability
Archive::Unzip::Burst is a Perl decompression tool from the Perl community. A security vulnerability exists in Archive::Unzip::Burst 0.09 and earlier versions, which stems from multiple vulnerabilities affecting the bundled InfoZip library...
[SECURITY] Fedora 41 Update: rust-zip-2.6.1-1.fc41
Library to support the reading and writing of zip files...
[SECURITY] Fedora 42 Update: rust-zip-2.6.1-1.fc42
Library to support the reading and writing of zip files...
CVE-2025-29787
zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...
CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write
zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...
CVE-2025-29787
CVE-2025-29787 (zip crate): In affected versions (1.3.0 up to before 2.3.0), the archive extraction path validation is bypassed for earlier symbolic links, allowing a crafted archive to overwrite arbitrary files when extracted. Impact includes potential overwrite of critical files and possible c...
golang: archive/zip: Incorrect handling of certain ZIP files
A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...
OESA-2024-2327 zziplib security update
The zziplib is a lightweight library to easily extract data from zip files. Applications can bundle files into a single zip archive and access them. The implementation is based only on the free subset of compression with the zlib algorithm which is actually used by the zip/unzip tools. Security...