CVE-2018-7726 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib before 0.13.69, that could lead to a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Group Package Affected Fixed Severity Status Ticket
AVG-612 zziplib 0.13.68-1 0.13.69-1 Medium Fixed
Date Advisory Group Package Severity Description
04 Apr 2018 ASA-201804-3 AVG-612 zziplib Medium denial of service
References
https://github.com/gdraheim/zziplib/issues/41
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b