Candidate: CVE-2012-1162
PublicDate: 2012-07-12 20:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1162
 http://nih.at/listarchive/libzip-discuss/msg00252.html
Description:
 Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in
 libzip 0.10 allows remote attackers to cause a denial of service
 (application crash) and possibly execute arbitrary code via a zip archive
 with the number of directories set to 0, related to an "incorrect loop
 construct."
Ubuntu-Description: 
Notes: 
 jdstrand> only 0.10 affected
 jdstrand> http://hg.nih.at/libzip/?cs=de747816d94c introduced the problem
Bugs: 
 https://bugzilla.redhat.com/show_bug.cgi?id=802564
Priority: medium
Discovered-by: Timo Warns
Assigned-to: mdeslaur
CVSS: 

Patches_libzip:
 upstream: http://hg.nih.at/libzip?cs=cb69d6146a09
upstream_libzip: released (0.10.1)
hardy_libzip: ignored (reached end-of-life)
lucid_libzip: not-affected
maverick_libzip: not-affected
natty_libzip: not-affected
oneiric_libzip: not-affected (0.9.3-1)
devel_libzip: released (0.10-1ubuntu1)