Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026
CVE-2005-4667
CVE-2005-4667
Description
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Affected products
8cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- www.debian.org/security/2006/dsa-1012nvdPatchVendor Advisory
- www.trustix.org/errata/2006/0006nvdPatchVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.htmlnvdExploit
- www.securityfocus.com/bid/15968nvdExploit
- secunia.com/advisories/25098nvd
- www.info-zip.org/FAQ.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.osvdb.org/22400nvd
- www.redhat.com/support/errata/RHSA-2007-0203.htmlnvd
- www.securityfocus.com/archive/1/430300/100/0/threadednvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252nvd
- usn.ubuntu.com/248-1/nvd
- usn.ubuntu.com/248-2/nvd
News mentions
0No linked articles in our index yet.