[3.5] zziplib: Multiple vulnerabilities (CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981)
CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c)
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in
zziplib 0.13.62 allows
remote attackers to cause a denial of service (crash) via a crafted ZIP
file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-\_\_zzip\_get32-fetch-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5974
http://seclists.org/oss-sec/2017/q1/431
CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c)
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in
zziplib 0.13.62 allows
remote attackers to cause a denial of service (crash) via a crafted ZIP
file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-\_\_zzip\_get64-fetch-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5975
CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c)
Heap-based buffer overflow in the zzip_mem_entry_extra_block
function in memdisk.c in zziplib 0.13.62 allows
remote attackers to cause a denial of service (crash) via a crafted ZIP
file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip\_mem\_entry\_extra\_block-memdisk-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5976
CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c)
The zzip_mem_entry_extra_block function in memdisk.c in zziplib
0.13.62 allows remote attackers to
cause a denial of service (invalid memory read and crash) via a crafted
ZIP file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip\_mem\_entry\_extra\_block-memdisk-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5977
http://seclists.org/oss-sec/2017/q1/431
CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c)
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62
allows remote attackers to cause
a denial of service (out-of-bounds read and crash) via a crafted ZIP
file.
References:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip\_mem\_entry\_new-memdisk-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5978
http://seclists.org/oss-sec/2017/q1/431
CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c)
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote
attackers to cause
a denial of service (NULL pointer dereference and crash) via a crafted
ZIP file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan\_entry-fseeko-c/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5979
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5979
CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c)
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62
allows remote attackers to cause
a denial of service (NULL pointer dereference and crash) via a crafted
ZIP file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip\_mem\_entry\_new-memdisk-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5980
http://seclists.org/oss-sec/2017/q1/431
CVE-2017-5981: assertion failure in seeko.c
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.
References:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-5981
http://seclists.org/oss-sec/2017/q1/431
(from redmine: issue id 6967, created on 2017-03-07, closed on 2019-05-04)
- Relations:
- parent #6965
- Changesets:
- Revision 5227a60e by A. Klitzing on 2017-09-01T22:42:41Z:
community/zziplib: security upgrade to 0.13.67
ref #6967