CVE-2017-12858

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to execute arbitrary code via a crafted zip file.
Group Package Affected Fixed Severity Status Ticket
AVG-390 libzip 1.2.0-1 1.3.0-1 High Fixed
Date Advisory Group Package Severity Description
07 Nov 2017 ASA-201711-13 AVG-390 libzip High arbitrary code execution
References
https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796