OSV-2023-31

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzip/OSV-2023-31.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-31
Published
2023-01-25T13:00:19.349341Z
Modified
2023-01-25T13:00:19.349630Z
Summary
Heap-use-after-free in zip_source_open
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55365

Crash type: Heap-use-after-free READ 1
Crash state:
zip_source_open
zip_source_open
_zip_open
References

Affected packages

OSS-Fuzz / libzip

Package

Name
libzip
Purl
pkg:generic/libzip

Affected ranges

Type
GIT
Repo
https://github.com/nih-at/libzip.git
Events
Introduced
4a0b206bf11e70ffd9850b0b1b72cf3f664d13ac
Fixed
e907b0bda2f04c16eb7f10d5b2f41a3416a3e2b8

Ecosystem specific 

{
    "severity": "HIGH"
}