CVE-2012-1162 (retired)

Priority
Description
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in
libzip 0.10 allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a zip archive
with the number of directories set to 0, related to an "incorrect loop
construct."
Assigned-to
mdeslaur
Notes
jdstrandonly 0.10 affected
http://hg.nih.at/libzip/?cs=de747816d94c introduced the problem
Package
Upstream:released (0.10.1)
Patches:
Upstream:http://hg.nih.at/libzip?cs=cb69d6146a09
More Information

Updated: 2019-10-09 07:41:28 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)