Published: 01/03/2017 Updated: 07/03/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote malicious users to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zziplib project zziplib 0.13.62

Debian Bug report logs - #854727 zziplib: Multiple vulnerabilities Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:33:02 UTC Severity: grave Tags: security Found in version zziplib/01362-3 Fixed in ver ...

The zzip_mem_entry_extra_block function in memdiskc in zziplib 01362 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file ...

CWE-125 https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/http://www.openwall.com/lists/oss-security/2017/02/14/3 http://www.securityfocus.com/bid/96268 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854727

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-5977

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect