nih-at/libzip

nih-at/libzip

Releases43

Frequency5 months 4 days

Last Release about 1 year ago

Stars1.01K

A C library for reading, creating, and modifying zip archives.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-17582 ↗	Feb 9, 2021Tuesday, 9 February 2021, 19:15	9.8 CRITICAL	7.5 HIGH
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
CVE-2017-14107 ↗	Sep 1, 2017Friday, 1 September 2017, 17:29	6.5 MEDIUM	4.3 MEDIUM
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
CVE-2017-12858 ↗	Aug 23, 2017Wednesday, 23 August 2017, 14:29	9.8 CRITICAL	7.5 HIGH
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.