unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00
in the processing of password-protected
archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
(from redmine: issue id 9286, created on 2018-08-20, closed on 2018-08-22)