Published: 09/02/2018 Updated: 28/06/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zziplib project zziplib 0.13.68
debian debian linux 7.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04

zziplib could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #910335 zziplib: CVE-2018-16548: Memory leak triggered in the function __zzip_parse_root_directory in zipc Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Oct 2018 21:18:02 UTC Severity ...

Debian Bug report logs - #923659 zziplib: CVE-2018-6540: bus error in zzip_disk_findfirst function in zzip/mmappedc Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Mar 2019 12:27:02 UTC Severity: important Tags ...

Debian Bug report logs - #889096 zziplib: CVE-2018-6381: Invalid memory access in zzip_disk_fread Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Feb 2018 21:15:01 UTC Severity: important Tags: fixed-upstream, p ...

Debian Bug report logs - #889089 zziplib: CVE-2018-6484: Bus error in __zzip_fetch_disk_trailer Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Feb 2018 21:00:13 UTC Severity: important Tags: fixed-upstream, pat ...

Debian Bug report logs - #913165 zziplib: CVE-2018-7726 CVE-2018-7725 Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 7 Nov 2018 18:54:02 UTC Severity: grave Tags: patch, security, upstream Found in version zziplib/0 ...

An uncontrolled memory allocation was found in ZZIPlib that could lead to a crash in the __zzip_parse_root_directory function of zzip/zipc if the package is compiled with Address Sanitizer Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file ...

An uncontrolled memory allocation was found in ZZIPlib before 01368 that could lead to a crash in the __zzip_parse_root_directory function of zzip/zipc Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file ...

CWE-770 https://github.com/gdraheim/zziplib/issues/22 http://www.securityfocus.com/bid/103050 https://lists.debian.org/debian-lts-announce/2018/02/msg00022.html https://usn.ubuntu.com/3699-1/https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1/https://nvd.nist.gov

CVE-2018-6869

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect