In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzipdiskfread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libzzip-0-13", "binary_version": "0.13.62-2ubuntu0.2" }, { "binary_name": "libzzip-dev", "binary_version": "0.13.62-2ubuntu0.2" }, { "binary_name": "zziplib-bin", "binary_version": "0.13.62-2ubuntu0.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libzzip-0-13", "binary_version": "0.13.62-3ubuntu0.16.04.2" }, { "binary_name": "libzzip-dev", "binary_version": "0.13.62-3ubuntu0.16.04.2" }, { "binary_name": "zziplib-bin", "binary_version": "0.13.62-3ubuntu0.16.04.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libzzip-0-13", "binary_version": "0.13.62-3.1ubuntu0.18.04.1" }, { "binary_name": "libzzip-0-13-dbgsym", "binary_version": "0.13.62-3.1ubuntu0.18.04.1" }, { "binary_name": "libzzip-dev", "binary_version": "0.13.62-3.1ubuntu0.18.04.1" }, { "binary_name": "zziplib-bin", "binary_version": "0.13.62-3.1ubuntu0.18.04.1" }, { "binary_name": "zziplib-bin-dbgsym", "binary_version": "0.13.62-3.1ubuntu0.18.04.1" } ] }