ALAS2-2019-1357 --- zziplib | ID: oval:org.secpod.oval:def:1700267 | Date: (C)2019-11-11 (M)2023-12-20 |
Class: PATCH | Family: unix |
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in __zzip_fetch_disk_trailer. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.