rpm package
suse/zziplib&distro=SUSE Linux Enterprise Workstation Extension 12 SP3
pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17828 | Med | 5.5 | | < 0.13.67-10.14.1 | 0.13.67-10.14.1 | Oct 1, 2018 | Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. |
| CVE-2018-7726 | Med | 6.5 | | < 0.13.67-10.8.1 | 0.13.67-10.8.1 | Mar 6, 2018 | An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
| CVE-2018-7725 | Med | 6.5 | | < 0.13.67-10.8.1 | 0.13.67-10.8.1 | Mar 6, 2018 | An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. |
| CVE-2018-6542 | Med | 6.5 | | < 0.13.67-10.11.1 | 0.13.67-10.11.1 | Feb 2, 2018 | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. |
| CVE-2018-6540 | Med | 6.5 | | < 0.13.67-10.5.1 | 0.13.67-10.5.1 | Feb 2, 2018 | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
| CVE-2018-6484 | Med | 6.5 | | < 0.13.67-10.5.1 | 0.13.67-10.5.1 | Feb 1, 2018 | In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
| CVE-2018-6381 | Med | 6.5 | | < 0.13.67-10.5.1 | 0.13.67-10.5.1 | Jan 29, 2018 | In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated again |