MGASA-2017-0163

Source
https://advisories.mageia.org/MGASA-2017-0163.html
Import Source
https://advisories.mageia.org/MGASA-2017-0163.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0163
Published
2017-06-09T23:05:58Z
Modified
2017-06-09T22:51:19Z
Summary
Updated zziplib packages fix security vulnerability
Details

Heap-based buffer overflow in __zzip_get32 in fetch.c (CVE-2017-5974).

Heap-based buffer overflow in __zzip_get64 in fetch.c (CVE-2017-5975).

Heap-based buffer overflow in zzip_mem_entry_extra_block in memdisk.c (CVE-2017-5976).

Invalid memory read in zzip_mem_entry_extra_block in memdisk.c (CVE-2017-5977).

Out of bounds read in zzip_mem_entry_new in memdisk.c (CVE-2017-5978).

NULL pointer dereference in prescan_entry in fseeko.c (CVE-2017-5979).

NULL pointer dereference in zzip_mem_entry_new in memdisk.c (CVE-2017-5980).

Assertion failure in seeko.c (CVE-2017-5981).

NULL pointer dereference in main in unzzipcat-mem.c (bsc#1024532).

NULL pointer dereference in main in unzzipcat.c (bsc#1024537).


Affected packages

Mageia:5 / zziplib

Package

Name
zziplib
Purl
pkg:rpm/mageia/zziplib?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.13.62-5.1.mga5

Ecosystem specific

{
    "section": "core"
}