Medium severity5.5NVD Advisory· Published Mar 1, 2017· Updated Jun 17, 2026
CVE-2017-5974
CVE-2017-5974
Description
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17cpe:2.3:a:gdraheim:zziplib:0.13.56:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:gdraheim:zziplib:0.13.56:*:*:*:*:*:*:*
- cpe:2.3:a:gdraheim:zziplib:0.13.57:*:*:*:*:*:*:*
- cpe:2.3:a:gdraheim:zziplib:0.13.58:*:*:*:*:*:*:*
- cpe:2.3:a:gdraheim:zziplib:0.13.59:*:*:*:*:*:*:*
- cpe:2.3:a:gdraheim:zziplib:0.13.60:*:*:*:*:*:*:*
- cpe:2.3:a:gdraheim:zziplib:0.13.61:*:*:*:*:*:*:*
- cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*
- osv-coords7 versionspkg:rpm/opensuse/zziplib&distro=openSUSE%20Tumbleweedpkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2
< 0.13.72-1.4+ 6 more
- (no CPE)range: < 0.13.72-1.4
- (no CPE)range: < 0.13.62-9.1
- (no CPE)range: < 0.13.62-9.1
- (no CPE)range: < 0.13.62-9.1
- (no CPE)range: < 0.13.62-9.1
- (no CPE)range: < 0.13.62-9.1
- (no CPE)range: < 0.13.62-9.1
Patches
Vulnerability mechanics
References
4- blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/nvdExploitThird Party Advisory
- www.debian.org/security/2017/dsa-3878nvdThird Party Advisory
- www.securityfocus.com/bid/96268nvdThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2017/02/14/3nvdMailing List
News mentions
0No linked articles in our index yet.