Subject: [ASA-201804-3] zziplib: denial of service Arch Linux Security Advisory ASA-201804-3 ========================================= Severity: Medium Date : 2018-04-04 CVE-ID : CVE-2018-7725 CVE-2018-7726 CVE-2018-7727 Package : zziplib Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-612 Summary ======= The package zziplib before version 0.13.69-1 is vulnerable to denial of service. Resolution ========== Upgrade to 0.13.69-1. # pacman -Syu "zziplib>=0.13.69-1" The problems have been fixed upstream in version 0.13.69. Workaround ========== None. Description =========== - CVE-2018-7725 (denial of service) An out of bounds read was found in function zzip_disk_fread of ZZIPlib before 0.13.69, when ZZIPlib mem_disk functionality is used. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. - CVE-2018-7726 (denial of service) An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib before 0.13.69, that could lead to a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. - CVE-2018-7727 (denial of service) A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib before 0.13.69, that could lead to resource exhaustion. Local attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. Impact ====== A remote attacker can cause a denial of service via a specially crafted zip file. References ========== https://github.com/gdraheim/zziplib/issues/39 https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 https://github.com/gdraheim/zziplib/issues/41 https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b https://github.com/gdraheim/zziplib/issues/40 https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 https://security.archlinux.org/CVE-2018-7725 https://security.archlinux.org/CVE-2018-7726 https://security.archlinux.org/CVE-2018-7727