ALAS2-2021-1604 --- unzip| ID: oval:org.secpod.oval:def:1700552 | Date: (C)2021-02-22 (M)2023-12-20 |
| Class: PATCH | Family: unix |
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service via empty bzip2 data in a ZIP archive. Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service via a large compression method value in the central directory file header. A heap-based buffer overflow exists in Info-Zip UnZip version CVE-2018-1000035
