A buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
A buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
https://www.openwall.com/lists/oss-security/2016/12/05/13 https://www.openwall.com/lists/oss-security/2016/12/05/13 https://www.openwall.com/lists/oss-security/2016/12/05/20 https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750 https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/0001-Fix-CVE-2016-9844-rhbz-1404283.patch