GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTORzipextractmethod() in zipextractor.c.
{ "urgency": "not yet assigned" }