CVE-2012-1163

2012-07-12T00:00:00
ID UB:CVE-2012-1163
Type ubuntucve
Reporter ubuntu.com
Modified 2012-07-12T00:00:00

Description

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

Bugs

  • <https://bugzilla.redhat.com/show_bug.cgi?id=803028>

Notes

Author| Note
---|---
jdstrand | only 0.10 affected; <http://hg.nih.at/libzip?cs=feb6cbf7e8c4> introduced the problem