Unrated severityNVD Advisory· Published Feb 6, 2015· Updated Jun 17, 2026
CVE-2014-9636
CVE-2014-9636
Description
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- osv-coords8 versionspkg:rpm/opensuse/unzip&distro=openSUSE%20Tumbleweedpkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 6.00-39.1+ 7 more
- (no CPE)range: < 6.00-39.1
- (no CPE)range: < 6.00-32.1
- (no CPE)range: < 6.00-33.8.1
- (no CPE)range: < 6.00-4.3.1
- (no CPE)range: < 6.00-32.1
- (no CPE)range: < 6.00-33.8.1
- (no CPE)range: < 6.00-32.1
- (no CPE)range: < 6.00-33.8.1
Patches
Vulnerability mechanics
References
14- www.info-zip.org/phpBB3/viewtopic.phpnvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.htmlnvd
- seclists.org/oss-sec/2014/q4/1131nvd
- seclists.org/oss-sec/2014/q4/489nvd
- seclists.org/oss-sec/2014/q4/496nvd
- seclists.org/oss-sec/2015/q1/216nvd
- secunia.com/advisories/62738nvd
- secunia.com/advisories/62751nvd
- www.debian.org/security/2015/dsa-3152nvd
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvd
- www.securityfocus.com/bid/71825nvd
- www.ubuntu.com/usn/USN-2489-1nvd
- security.gentoo.org/glsa/201611-01nvd
News mentions
0No linked articles in our index yet.