library providing read access on ZIP-archives (USN-3320-1) libzzip-0-13_0.13.62-2ubuntu0.1_amd64.deb
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.601%
CVE Information
Source CVE
CVE-2017-5974
Associated CVE
CVE-2017-5974
CVE-2017-5976
CVE-2017-5978
CVE-2017-5975
CVE-2017-5979
CVE-2017-5974
Associated CVE
CVE-2017-5974
CVE-2017-5976
CVE-2017-5978
CVE-2017-5975
CVE-2017-5979
Patch Details
No records found
References
http://www.debian.org/security/2017/dsa-3878
http://www.openwall.com/lists/oss-security/2017/02/14/3
http://www.securityfocus.com/bid/96268
https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/