CVE-2015-2063

Published: 9 March 2015

Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a small file header in an ace archive, which triggers a buffer overflow.

Priority

Status

Package	Release	Status
unace Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	trusty	Released (1.2b-10+deb7u1build0.14.04.1)
	upstream	Released (1.2b-12)
	utopic	Ignored (end of life)
	vivid	Not vulnerable (1.2b-12)
	wily	Not vulnerable (1.2b-12)
	xenial	Not vulnerable (1.2b-12)
	yakkety	Not vulnerable (1.2b-12)
	zesty	Not vulnerable (1.2b-12)
	Patches: debian: http://git.hadrons.org/?p=debian/pkgs/unace.git;a=commitdiff;h=319446f

References

https://www.cve.org/CVERecord?id=CVE-2015-2063
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775003

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›