Candidate: CVE-2018-1000637
PublicDate: 2018-08-20 19:31:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000637
 http://www.openwall.com/lists/oss-security/2018/08/05/1
 https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
 https://bugs.debian.org/904819
Description:
 zutils version prior to version 1.8-pre2 contains a Buffer Overflow
 vulnerability in zcat that can result in potential denial of service or
 arbitrary code execution. This attack appears to be exploitable via the
 victim opening a crafted compressed file. This vulnerability appears to
 have been fixed in 1.8-pre2.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904819
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_zutils:
upstream_zutils: released (1.7-3)
precise/esm_zutils: DNE
trusty_zutils: ignored (reached end-of-life)
trusty/esm_zutils: DNE (trusty was needed)
xenial_zutils: ignored (end of standard support, was needed)
bionic_zutils: needed
cosmic_zutils: not-affected (1.7-3)
disco_zutils: not-affected (1.7-3)
eoan_zutils: not-affected (1.7-3)
focal_zutils: not-affected (1.7-3)
groovy_zutils: not-affected (1.7-3)
hirsute_zutils: not-affected (1.7-3)
impish_zutils: not-affected (1.7-3)
jammy_zutils: not-affected (1.7-3)
devel_zutils: not-affected (1.7-3)