Published: 29/01/2018 Updated: 05/03/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zziplib project zziplib 0.13.67
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04

zziplib could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #910335 zziplib: CVE-2018-16548: Memory leak triggered in the function __zzip_parse_root_directory in zipc Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Oct 2018 21:18:02 UTC Severity ...

Debian Bug report logs - #923659 zziplib: CVE-2018-6540: bus error in zzip_disk_findfirst function in zzip/mmappedc Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Mar 2019 12:27:02 UTC Severity: important Tags ...

Debian Bug report logs - #889096 zziplib: CVE-2018-6381: Invalid memory access in zzip_disk_fread Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Feb 2018 21:15:01 UTC Severity: important Tags: fixed-upstream, p ...

Debian Bug report logs - #889089 zziplib: CVE-2018-6484: Bus error in __zzip_fetch_disk_trailer Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Feb 2018 21:00:13 UTC Severity: important Tags: fixed-upstream, pat ...

Debian Bug report logs - #913165 zziplib: CVE-2018-7726 CVE-2018-7725 Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 7 Nov 2018 18:54:02 UTC Severity: grave Tags: patch, security, upstream Found in version zziplib/0 ...

In ZZIPlib 01367, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmappedc) because the size variable is not validated against the amount of file->stored data ...

CWE-119 https://github.com/gdraheim/zziplib/issues/12 https://usn.ubuntu.com/3699-1/https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-6381 https://usn.ubuntu.com/3699-1/https://nvd.nist.gov

CVE-2018-6381

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect