CVE-2008-0888

Priority
Description
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip
can be invoked using invalid buffers, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code via
unknown vectors that trigger a free of uninitialized or previously-freed
data.
Assigned-to
kees
Package
Source: unzip (LP Ubuntu Debian)
Upstream:needed
Patches:
Other:vsec Message-ID: <20080201153112.GA21424@sdf.lonestar.org>
More Information

Updated: 2019-03-19 11:45:22 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)