3 matches found
CVE-2023-22899
CVE-2023-22899 affects Zip4j (v2.11.2 and earlier) as used in products like IBM/App Connect Enterprise and Threema. The issue is that MAC verification is not consistently applied when decrypting ZIP archives, constituting a cryptographic integrity risk. Several connected sources confirm the impac...
CVE-2022-24615
CVE-2022-24615 affects the zip4j library. Multiple connected sources confirm that up to version 2.10.0 (and historically up to 2.9.1 in some advisories) can throw various uncaught exceptions while parsing a specially crafted ZIP file, leading to an application crash and enabling a denial-of-servi...
CVE-2018-1002202
CVE-2018-1002202 concerns the zip4j Java library prior to 1.3.3, vulnerable to a directory traversal (Zip-Slip) when extracting a crafted Zip entry containing "..". This can allow writing to arbitrary files on the target system. Reported impact per sources indicates potential integrity impact (hi...