[3.5] unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00
in the processing of password-protected
archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
(from redmine: issue id 9290, created on 2018-08-20, closed on 2018-08-22)
- Revision 6ece7a7a by Natanael Copa on 2018-08-22T08:39:31Z:
main/unzip: fix various CVEs - CVE-2014-8139 - CVE-2014-8140 - CVE-2014-8141 - CVE-2014-9636 - CVE-2014-9913 - CVE-2016-9844 - CVE-2018-1000035 fixes #9290