CVE-2017-5975

Published: 01/03/2017 Updated: 31/03/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote malicious users to cause a denial of service (crash) via a crafted ZIP file.

Vulnerable Product

zziplib project zziplib 0.13.56

zziplib project zziplib 0.13.57

zziplib project zziplib 0.13.58

zziplib project zziplib 0.13.59

zziplib project zziplib 0.13.60

zziplib project zziplib 0.13.61

zziplib project zziplib 0.13.62

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #854727 zziplib: Multiple vulnerabilities. Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 9 Feb 2017 22:33:02 UTC; Severity: grave; Tags: security; Found in version zziplib/0.13.62-3; Fixed in ver ...
zziplib could be made to crash or run programs as your login if it opened a specially crafted file ...
Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed. For the stable distribution (jessie), these problems have been fixed in version 0.13.62-3+deb8u1. For the upcoming stable dist ...
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file ...