The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
info-zip unzip |