|Type||Arbitrary code execution|
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
Still no fix upstream. We do use FORTIFY_SOURCE=2 on our builds and that works as a "workaround" since it kills the app. Downgrading the severity to 'low' since we don't really care about DoS in unzip.