10 matches found
CLSA-2026-1779213441 python3.11: Fix of 11 CVEs
CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...
Security update for python310
This update for python310 fixes the following issues: Update to 3.10.19: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974 CVE-2025-8291: Check the validity the ZIP64 End of Central Directory EOCD. bsc1251305 Patch Instructions: To install this SUS...
BIT-PYTHON-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
ZIP64 End of Central Directory (EOCD) Locator record offset not checked
...
DEBIAN-CVE-2025-8291
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
CVE-2025-8291
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
CVE-2017-2158
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive...
Lhaplus Improper Authentication Vulnerability
Lhaplus is a set of file compression and decompression software. A security vulnerability exists in Lhaplus 1.73 and earlier versions that stems from the program's failure to properly handle ZIP64 archives. The vulnerability can be exploited by an attacker to obtain information from specially...
Lhaplus vulnerable to improper verification when expanding ZIP64 archives
Overview Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding. Koji Ando of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed...