Published: 01/03/2017 Updated: 04/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zziplib project zziplib 0.13.62

Debian Bug report logs - #854727 zziplib: Multiple vulnerabilities Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:33:02 UTC Severity: grave Tags: security Found in version zziplib/01362-3 Fixed in ver ...

zziplib could be made to crash or run programs as your login if it opened a specially crafted file ...

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed For the stable distribution (jessie), these problems have been fixed in version 01362-3+deb8u1 For the upcoming stable dist ...

The zzip_mem_entry_new function in memdiskc in zziplib 01362 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file ...

CWE-476 https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/http://www.securityfocus.com/bid/96268 http://www.debian.org/security/2017/dsa-3878 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854727 https://usn.ubuntu.com/3320-1/

CVE-2017-5980

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect