In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64trailer local entries) in _zzipfetchdisk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.13.62-2ubuntu0.2", "binary_name": "libzzip-0-13" }, { "binary_version": "0.13.62-2ubuntu0.2", "binary_name": "libzzip-dev" }, { "binary_version": "0.13.62-2ubuntu0.2", "binary_name": "zziplib-bin" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.13.62-3ubuntu0.16.04.2", "binary_name": "libzzip-0-13" }, { "binary_version": "0.13.62-3ubuntu0.16.04.2", "binary_name": "libzzip-dev" }, { "binary_version": "0.13.62-3ubuntu0.16.04.2", "binary_name": "zziplib-bin" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.13.62-3.1ubuntu0.18.04.1", "binary_name": "libzzip-0-13" }, { "binary_version": "0.13.62-3.1ubuntu0.18.04.1", "binary_name": "libzzip-0-13-dbgsym" }, { "binary_version": "0.13.62-3.1ubuntu0.18.04.1", "binary_name": "libzzip-dev" }, { "binary_version": "0.13.62-3.1ubuntu0.18.04.1", "binary_name": "zziplib-bin" }, { "binary_version": "0.13.62-3.1ubuntu0.18.04.1", "binary_name": "zziplib-bin-dbgsym" } ] }