RSS   Vulnerabilities for 'Unzip'   RSS

2022-02-09
 
CVE-2022-0529

CWE-787
 

 
A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of wide string to local string that leads to a heap of out-of-bound writes. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

 
 
CVE-2022-0530

NVD-CWE-Other
 

 
A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

 
2020-01-31
 
CVE-2014-8141

CWE-787
 

 
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

 
 
CVE-2014-8140

CWE-787
 

 
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

 
 
CVE-2014-8139

CWE-787
 

 
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

 


Copyright 2024, cxsecurity.com

 

Back to Top