CVE-2019-13453 (retired)

Priority
Description
Zipios before 0.1.7 does not properly handle certain malformed zip archives
and can go into an infinite loop, causing a denial of service. This is
related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().
Ubuntu-Description
Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files.
An attacker could use this vulnerability to cause a denial of service or
consume system resources.
Package
Upstream: released (0.7.2+dfsg-6ubuntu0.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (0.7.2+dfsg-6ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.7.2+dfsg-10ubuntu0.1)
Ubuntu 19.04 (Disco Dingo): released (0.7.2+dfsg-13ubuntu0.19.04.1)
Ubuntu 19.10 (Eoan): released (0.7.2+dfsg-13ubuntu1)
Patches:
Upstream: https://github.com/Sigil-Ebook/flightcrew/commit/5b8e9309bbdf4c15fd8b3b8162d66141f0459c5b
Package
Upstream: released (0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo): released (0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1)
Ubuntu 19.10 (Eoan): released (0.1.5.9+cvs.2007.04.28-10ubuntu1)
Patches:
Upstream: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch

Updated: 2019-07-19 20:15:37 UTC (commit 0fa80ac1c719046998417acadc649c9dfce900a5)