oss-sec mailing list archives
Re: A note about the multiple crashes in zziplib
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 14 Feb 2017 10:50:59 +0100
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
This is CVE-2017-5974.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
This is CVE-2017-5975.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
This is CVE-2017-5976.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
This is CVE-2017-5977.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-mem-c/
This is a functionality bug in a command-line program. There is no CVE ID at this time.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
This is CVE-2017-5978.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
This is CVE-2017-5979.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
This is CVE-2017-5980.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-c/
This is a functionality bug in a command-line program. There is no CVE ID at this time.
http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
This is CVE-2017-5981.
https://blogs.gentoo.org/ago/2017/02/09/zziplib-load-of-misaligned-address-in-memdisk-c/
Please consider this a duplicate of: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-mem-c/ All CVEs where assigned via https://cveform.mitre.org -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 09)
- Message not available
- Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
- Re: A note about the multiple crashes in zziplib Ian Zimmerman (Feb 14)
- Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
- Message not available