Description
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0
mishandles EOCD records, which allows remote attackers to cause a denial of
service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a
crafted ZIP archive.
Ubuntu-Description
It was discovered that libzip mishandled certain malformed ZIP archives. An
attacker could use this vulnerability to cause a denial of service.
Package
Upstream: released (5.6.33+dfsg-0+deb8u1)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: not-affected (code not present)
Patches:
Updated: 2022-04-25 00:19:24 UTC (commit ecc1009cb19540b950de59270950018900f37f15)