The _zip_read_eocd64 function in zip_open.c in libzip prior to 1.3.0 mishandles EOCD records, which allows remote malicious users to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
Vulnerable Product |
---|
libzip libzip |
debian debian linux 9.0 |