AVG-191

Package zziplib
Status Fixed
Severity High
Type multiple issues
Affected 0.13.62-2
Fixed 0.13.66-2
Current 0.13.69-1 [extra]
Ticket FS#53133
Created Wed Mar 1 18:49:59 2017
Issue | Severity | Remote | Type | Description
CVE-2017-5981 | Medium | Yes | Denial of service | seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.
CVE-2017-5979 | Medium | Yes | Denial of service | The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a...
CVE-2017-5976 | High | Yes | Arbitrary code execution | Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service...
CVE-2017-5975 | High | Yes | Arbitrary code execution | Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a...
CVE-2017-5974 | High | Yes | Arbitrary code execution | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a...
Date | Advisory | Package | Description
12 May 2017 | ASA-201705-15 | zziplib | multiple issues
References
http://www.openwall.com/lists/oss-security/2017/02/14/3