Unrated severityNVD Advisory· Published Mar 17, 2008· Updated Aug 26, 2025
CVE-2008-0888
CVE-2008-0888
Description
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
31- lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlmitrevendor-advisoryx_refsource_APPLE
- lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlmitrevendor-advisoryx_refsource_SUSE
- secunia.com/advisories/29392mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29406mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29415mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29427mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29432mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29440mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29495mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/29681mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/30535mitrethird-party-advisoryx_refsource_SECUNIA
- secunia.com/advisories/31204mitrethird-party-advisoryx_refsource_SECUNIA
- security.gentoo.org/glsa/glsa-200804-06.xmlmitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2008/dsa-1522mitrevendor-advisoryx_refsource_DEBIAN
- www.mandriva.com/en/security/advisoriesmitrevendor-advisoryx_refsource_MANDRIVA
- www.redhat.com/support/errata/RHSA-2008-0196.htmlmitrevendor-advisoryx_refsource_REDHAT
- www.ubuntu.com/usn/usn-589-1mitrevendor-advisoryx_refsource_UBUNTU
- support.apple.com/kb/HT4077mitrex_refsource_CONFIRM
- wiki.rpath.com/Advisories:rPSA-2008-0116mitrex_refsource_CONFIRM
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0116mitrex_refsource_CONFIRM
- www.ipcop.org/index.phpmitrex_refsource_CONFIRM
- www.securityfocus.com/archive/1/489967/100/0/threadedmitremailing-listx_refsource_BUGTRAQ
- www.securityfocus.com/archive/1/493080/100/0/threadedmitremailing-listx_refsource_BUGTRAQ
- www.securityfocus.com/bid/28288mitrevdb-entryx_refsource_BID
- www.securitytracker.com/idmitrevdb-entryx_refsource_SECTRACK
- www.vmware.com/security/advisories/VMSA-2008-0009.htmlmitrex_refsource_CONFIRM
- www.vupen.com/english/advisories/2008/0913/referencesmitrevdb-entryx_refsource_VUPEN
- www.vupen.com/english/advisories/2008/1744mitrevdb-entryx_refsource_VUPEN
- exchange.xforce.ibmcloud.com/vulnerabilities/41246mitrevdb-entryx_refsource_XF
- issues.rpath.com/browse/RPL-2317mitrex_refsource_CONFIRM
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733mitrevdb-entrysignaturex_refsource_OVAL
News mentions
0No linked articles in our index yet.