VulnerableCode Package Details - pkg:deb/ubuntu/libzip@0.9.3-1

Search for packages

Package details: pkg:deb/ubuntu/libzip@0.9.3-1

Essentials
History (0)

purl	pkg:deb/ubuntu/libzip@0.9.3-1

Next non-vulnerable version	1.5.1-0ubuntu1
Latest non-vulnerable version	1.5.1-0ubuntu1
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-5ynh-zkyv-aaas Aliases: CVE-2015-2331	Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.	0.10.1-1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yxe1-qn72-aaab Aliases: CVE-2017-14107	The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.	1.5.1-0ubuntu1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version