AVG-390

Package libzip
Status Fixed
Severity High
Type arbitrary code execution
Affected 1.2.0-1
Fixed 1.3.0-1
Current 1.4.0-1 [testing], 1.3.2-1 [extra]
Ticket None
Created Wed Aug 23 18:18:23 2017
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-12858 | High | Yes | Arbitrary code execution | Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to execute arbitrary code via a crafted zip file. |
| Date | Advisory | Package | Description |
|---|---|---|---|
| 07 Nov 2017 | ASA-201711-13 | libzip | arbitrary code execution |
References
https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796