Medium severity 6.5 · OSV Advisory · Published Jan 3, 2018 · Updated Jun 17, 2026
CVE-2017-1000472
Description
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".
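One way to refuse the absolute and traversal entry names the description refers to, as an added example (not POCO's code or the upstream patch). The helpers `isSafeZipEntryName` and `rejectedEntries` and the sample entry names are hypothetical and constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Added illustration (hypothetical helper, not POCO's ZipCommon::isValidPath()).
// Accepts only relative entry names that cannot leave the extraction root.
bool isSafeZipEntryName(const std::string& name)
{
    if (name.empty() || name.find('\0') != std::string::npos) return false;

    // ZIP names use '/', but Windows file APIs also honour '\\': normalise first.
    std::string n(name);
    for (char& c : n) if (c == '\\') c = '/';

    // Absolute forms: "/etc/x", "//server/share" (UNC), "C:/x", drive-relative "C:x".
    if (n[0] == '/') return false;
    if (n.size() >= 2 && std::isalpha(static_cast<unsigned char>(n[0])) && n[1] == ':')
        return false;

    // Conservatively reject any ".." path component ("a..b" is an ordinary name).
    for (std::size_t start = 0; start <= n.size(); )
    {
        std::size_t end = n.find('/', start);
        if (end == std::string::npos) end = n.size();
        if (n.compare(start, end - start, "..") == 0) return false;
        start = end + 1;
    }
    return true;
}

// Returns the names an extractor should refuse to write.
std::vector<std::string> rejectedEntries(const std::vector<std::string>& names)
{
    std::vector<std::string> bad;
    for (const auto& name : names)
        if (!isSafeZipEntryName(name)) bad.push_back(name);
    return bad;
}

int main()
{
    // Constructed sample entry names, not taken from any real archive.
    const std::vector<std::string> names = {
        "docs/readme.txt", "/etc/cron.d/job", "C:\\Windows\\x.dll",
        "\\\\server\\share\\x", "../../x", "a..b/file", "dir/" };
    for (const auto& name : rejectedEntries(names))
        std::cout << "refuse: " << name << '\n';
    return 0;
}
```

A lexical check like this does not account for symlinks already present under the destination, so an extractor should also confirm that the resolved target path stays inside the extraction root.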
Affected products
- Range: poco-1.5.2-rc1, poco-1.5.2-rc2, poco-1.5.2-rc3, …
- Range: <1.8
References
- github.com/pocoproject/poco/issues/1968 (nvd; Exploit, Issue Tracking, Patch)
- www.debian.org/security/2018/dsa-4083 (nvd; Third Party Advisory)
- lists.debian.org/debian-lts-announce/2018/01/msg00013.html (nvd)