The zzipmementry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.13.62-2ubuntu0.1", "binary_name": "libzzip-0-13" }, { "binary_version": "0.13.62-2ubuntu0.1", "binary_name": "libzzip-dev" }, { "binary_version": "0.13.62-2ubuntu0.1", "binary_name": "zziplib-bin" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.13.62-3ubuntu0.16.04.1", "binary_name": "libzzip-0-13" }, { "binary_version": "0.13.62-3ubuntu0.16.04.1", "binary_name": "libzzip-dev" }, { "binary_version": "0.13.62-3ubuntu0.16.04.1", "binary_name": "zziplib-bin" } ] }