CVE-2017-5981

Published: 01/03/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

seeko.c in zziplib 0.13.62 allows remote malicious users to cause a denial of service (assertion failure and crash) via a crafted ZIP file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zziplib project zziplib 0.13.62

zziplib could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #854727 zziplib: Multiple vulnerabilities Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:33:02 UTC Severity: grave Tags: security Found in version zziplib/01362-3 Fixed in ver ...

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed For the stable distribution (jessie), these problems have been fixed in version 01362-3+deb8u1 For the upcoming stable dist ...

seekoc in zziplib 01362 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file ...

CWE-617 https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/http://www.securityfocus.com/bid/96268 http://www.debian.org/security/2017/dsa-3878 https://usn.ubuntu.com/3320-1/https://nvd.nist.gov

CVE-2017-5981

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect