Lucene search
Ubuntu.comUB:CVE-2012-1163HistoryJul 12, 2012 - 12:00 a.m.
CVE-2012-1163
2012-07-1200:00:00
ubuntu.com
ubuntu.com
10
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
87.9%
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10
allows remote attackers to execute arbitrary code via the size and offset
values for the central directory in a zip archive, which triggers “improper
restrictions of operations within the bounds of a memory buffer” and an
information leak.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | only 0.10 affected http://hg.nih.at/libzip?cs=feb6cbf7e8c4 introduced the problem |
Related
prion
prion
Integer overflow
2012-07-12 20:55:00
cve
cve
CVE-2012-1163
2012-07-12 20:55:00
debiancve
debiancve
CVE-2012-1163
2012-07-12 20:55:00
openvas
openvas
Fedora Update for libzip FEDORA-2012-4485
2012-08-30 00:00:00
Gentoo Security Advisory GLSA 201203-23 (libzip)
2012-04-30 00:00:00
Mandriva Update for libzip MDVSA-2012:034 (libzip)
2012-08-03 00:00:00
nessus
nessus
GLSA-201203-23 : libzip: Multiple vulnerabilities
2012-06-21 00:00:00
Mandriva Linux Security Advisory : libzip (MDVSA-2012:034)
2012-03-23 00:00:00
Fedora 17 : libzip-0.10.1-1.fc17 (2012-4485)
2012-04-12 00:00:00
securityvulns
securityvulns
libzip securitty vulnerabilities
2012-04-02 00:00:00
[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip
2012-04-02 00:00:00
[ MDVSA-2012:034 ] libzip
2012-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: libzip-0.10.1-1.fc17
2012-04-12 02:48:29
gentoo
gentoo
libzip: Multiple vulnerabilities
2012-03-29 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
87.9%
Related for UB:CVE-2012-1163