Medium severity6.5NVD Advisory· Published Sep 1, 2017· Updated Jun 17, 2026
CVE-2017-14107
CVE-2017-14107
Description
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords10 versionspkg:rpm/opensuse/libzip&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libzip&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 1.8.0-1.2+ 9 more
- (no CPE)range: < 1.8.0-1.2
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
- (no CPE)range: < 0.11.1-13.3.1
Patches
Vulnerability mechanics
References
3- blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/nvdPatchThird Party AdvisoryVDB Entry
- github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5nvdIssue TrackingPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/12/msg00022.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.