zziplib

Description: A lightweight library that offers the ability to easily extract data from files archived in a single zip file
Version: 0.13.74-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
| --- | --- | --- | --- | --- | --- |
| AVG-667 | 0.13.67-1 | 0.13.68-1 | Medium | Fixed | |
| AVG-612 | 0.13.68-1 | 0.13.69-1 | Medium | Fixed | |
| AVG-591 | 0.13.66-2 | 0.13.67-1 | Medium | Fixed | FS#57147 |
| AVG-273 | 0.13.66-1 | 0.13.67-1 | Medium | Fixed | FS#53133 |
| AVG-191 | 0.13.62-2 | 0.13.66-2 | High | Fixed | FS#53133 |

| Issue | Group | Severity | Remote | Type | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2018-7727 | AVG-612 | Low | No | Denial of service | A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib before 0.13.69, that could lead to resource exhaustion. Local attackers could leverage... |
| CVE-2018-7726 | AVG-612 | Medium | Yes | Denial of service | An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib before 0.13.69, that could lead to a crash in... |
| CVE-2018-7725 | AVG-612 | Medium | Yes | Denial of service | An out of bounds read was found in function zzip_disk_fread of ZZIPlib before 0.13.69, when ZZIPlib mem_disk functionality is used. Remote attackers could... |
| CVE-2018-6869 | AVG-667 | Medium | Yes | Denial of service | An uncontrolled memory allocation was found in ZZIPlib before 0.13.68 that could lead to a crash in the __zzip_parse_root_directory function of zzip/zip.c.... |
| CVE-2018-6542 | AVG-667 | Low | No | Denial of service | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst... |
| CVE-2018-6541 | AVG-667 | Medium | Yes | Denial of service | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer... |
| CVE-2018-6540 | AVG-667 | Medium | Yes | Denial of service | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers... |
| CVE-2018-6484 | AVG-667 | Low | No | Denial of service | An unaligned memory access bug was found in the way ZZIPlib handled ZIP files. This flaw could potentially be used to crash the application using ZZIPlib by... |
| CVE-2018-6381 | AVG-667 | Medium | No | Denial of service | In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable... |
| CVE-2017-5981 | AVG-191 | Medium | Yes | Denial of service | seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. |
| CVE-2017-5980 | AVG-591 | Medium | Yes | Denial of service | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash)... |
| CVE-2017-5979 | AVG-191 | Medium | Yes | Denial of service | The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a... |
| CVE-2017-5978 | AVG-273 | Medium | Yes | Denial of service | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a... |
| CVE-2017-5977 | AVG-273 | Medium | Yes | Denial of service | The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash)... |
| CVE-2017-5976 | AVG-191 | High | Yes | Arbitrary code execution | Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service... |
| CVE-2017-5975 | AVG-191 | High | Yes | Arbitrary code execution | Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a... |
| CVE-2017-5974 | AVG-191 | High | Yes | Arbitrary code execution | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a... |

Advisories

| Date | Advisory | Group | Severity | Type |
| --- | --- | --- | --- | --- |
| 04 Apr 2018 | ASA-201804-3 | AVG-612 | Medium | denial of service |
| 18 Jan 2018 | ASA-201801-17 | AVG-273 | Medium | denial of service |
| 12 May 2017 | ASA-201705-15 | AVG-191 | High | multiple issues |