CVE-2014-9636
Published: 31 December 2014
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
Priority
Status
Package | Release | Status |
---|---|---|
unzip Launchpad, Ubuntu, Debian |
lucid |
Released
(6.0-1ubuntu0.2)
|
precise |
Released
(6.0-4ubuntu2.2)
|
|
trusty |
Released
(6.0-9ubuntu1.2)
|
|
upstream |
Needed
|
|
utopic |
Released
(6.0-12ubuntu1.2)
|
|
Patches: other: http://www.info-zip.org/phpBB3/download/file.php?id=95&sid=95e98be32f791909977347bca032d3bc |