CESA-2018:3229 -- centos 7 zziplibID: oval:org.secpod.oval:def:204980 | Date: (C)2021-01-19 (M)2023-12-20 |
Class: PATCH | Family: unix |
The zziplib is a lightweight library to easily extract data from zip files. Security Fix: * zziplib: out of bound read in mmapped.c:zzip_disk_fread causes crash * zziplib: Bus error in zip.c:__zzip_parse_root_directory cause crash via crafted zip file * zziplib: Memory leak in memdisk.c:zzip_mem_disk_new can lead to denial of service via crafted zip For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.