
CVE-2024-39133
https://notcve.org/view.php?id=CVE-2024-39133
27 Jun 2024 — Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. • https://github.com/gdraheim/zziplib/issues/164 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-39134
https://notcve.org/view.php?id=CVE-2024-39134
27 Jun 2024 — A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. • https://github.com/gdraheim/zziplib/issues/165 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-18770 – zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c
https://notcve.org/view.php?id=CVE-2020-18770
22 Aug 2023 — An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. An invalid memory access flaw was found in the mmapped.c file's zzip_disk_entry_to_file_header function in Zziplib. This issue could allow an attacker to entice a victim into opening a specially crafted file, leading to a denial of service. An update for zziplib is now available for Red Hat Enterprise Linux 9. • https://github.com/gdraheim/zziplib/issues/69 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •

CVE-2020-18442 – zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file()
https://notcve.org/view.php?id=CVE-2020-18442
18 Jun 2021 — Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a re... • https://github.com/gdraheim/zziplib/issues/68 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2018-17828 – zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
https://notcve.org/view.php?id=CVE-2018-17828
01 Oct 2018 — Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. • https://github.com/gdraheim/zziplib/issues/62 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2018-16548 – zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c
https://notcve.org/view.php?id=CVE-2018-16548
05 Sep 2018 — An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. The zziplib is a lightweight library to easily extract data from zip files. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-7725 – zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
https://notcve.org/view.php?id=CVE-2018-7725
06 Mar 2018 — An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. • https://access.redhat.com/errata/RHSA-2018:3229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVE-2018-7726 – zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
https://notcve.org/view.php?id=CVE-2018-7726
06 Mar 2018 — An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. • https://access.redhat.com/errata/RHSA-2018:3229 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2018-7727 – zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip
https://notcve.org/view.php?id=CVE-2018-7727
06 Mar 2018 — An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. • https://access.redhat.com/errata/RHSA-2018:3229 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-6869 – Ubuntu Security Notice USN-3699-1
https://notcve.org/view.php?id=CVE-2018-6869
09 Feb 2018 — In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. • http://www.securityfocus.com/bid/103050 • CWE-770: Allocation of Resources Without Limits or Throttling •