VulnerableCode Package Details - pkg:deb/ubuntu/libzip@0.10.1-1.2

Search for packages

Package details: pkg:deb/ubuntu/libzip@0.10.1-1.2

Essentials
History (0)

purl	pkg:deb/ubuntu/libzip@0.10.1-1.2

Next non-vulnerable version	1.5.1-0ubuntu1
Latest non-vulnerable version	1.5.1-0ubuntu1
Risk	3.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-yxe1-qn72-aaab Aliases: CVE-2017-14107	The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.	1.5.1-0ubuntu1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-5ynh-zkyv-aaas	Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.	CVE-2015-2331

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version