CVE-2017-14107

Priority
Description
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0
mishandles EOCD records, which allows remote attackers to cause a denial of
service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a
crafted ZIP archive.
Ubuntu-Description
It was discovered that libzip mishandled certain malformed ZIP archives. An
attacker could use this vulnerability to cause a denial of service.
Notes
Package
Upstream: released (1.3.0+dfsg.1-1)
Ubuntu 18.04 LTS: needed
Ubuntu 20.04 LTS: not-affected (1.5.1-0ubuntu1)
Ubuntu 21.10: not-affected (1.5.1-0ubuntu1)
Ubuntu 22.04 LTS: not-affected (1.5.1-0ubuntu1)
Ubuntu 14.04 ESM: not-affected (code not present)
Patches:
Upstream: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
Package
Source: php5
Upstream: released (5.6.33+dfsg-0+deb8u1)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: not-affected (code not present)
Patches:
Upstream: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
More Information

Updated: 2022-04-25 00:19:24 UTC (commit ecc1009cb19540b950de59270950018900f37f15)