Computer Security


UnZip multiple security vulnerabilities
updated since 23.12.2014
Published: 22.02.2015
Source:
SecurityVulns ID: 14173
Type: remote
Threat Level: 5/10
Description: A few buffer overflows.
Affected: UNZIP : unzip 6.0
CVE: CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.)
 CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.)
 CVE-2014-8141
 CVE-2014-8140
 CVE-2014-8139
Original documents:
 UBUNTU, [USN-2502-1] unzip vulnerabilities (22.02.2015)
 DEBIAN, [SECURITY] [DSA 3152-1] unzip security update (11.02.2015)
 Andrea Barisani, [oCERT-2014-011] UnZip input sanitization errors (23.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod