Published: 01/02/2018 Updated: 28/06/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zziplib project zziplib 0.13.67
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04

zziplib could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #910335 zziplib: CVE-2018-16548: Memory leak triggered in the function __zzip_parse_root_directory in zipc Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Oct 2018 21:18:02 UTC Severity ...

Debian Bug report logs - #923659 zziplib: CVE-2018-6540: bus error in zzip_disk_findfirst function in zzip/mmappedc Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Mar 2019 12:27:02 UTC Severity: important Tags ...

Debian Bug report logs - #889096 zziplib: CVE-2018-6381: Invalid memory access in zzip_disk_fread Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Feb 2018 21:15:01 UTC Severity: important Tags: fixed-upstream, p ...

Debian Bug report logs - #889089 zziplib: CVE-2018-6484: Bus error in __zzip_fetch_disk_trailer Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Feb 2018 21:00:13 UTC Severity: important Tags: fixed-upstream, pat ...

Debian Bug report logs - #913165 zziplib: CVE-2018-7726 CVE-2018-7725 Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 7 Nov 2018 18:54:02 UTC Severity: grave Tags: patch, security, upstream Found in version zziplib/0 ...

An unaligned memory access bug was found in the way ZZIPlib handled ZIP files This flaw could potentially be used to crash the application using ZZIPlib by tricking the application into processing specially crafted ZIP files ...

NVD-CWE-noinfo https://github.com/gdraheim/zziplib/issues/14 https://usn.ubuntu.com/3699-1/https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1/https://nvd.nist.gov

CVE-2018-6484

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect