[manjaro-security] [ASA-201804-3] zziplib: denial of service

Santiago Torres-Arias santiago at archlinux.org
Mon Apr 9 17:41:22 CEST 2018


Arch Linux Security Advisory ASA-201804-3
=========================================

Severity: Medium
Date    : 2018-04-04
CVE-ID  : CVE-2018-7725 CVE-2018-7726 CVE-2018-7727
Package : zziplib
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-612

Summary
=======

The package zziplib before version 0.13.69-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 0.13.69-1.

# pacman -Syu "zziplib>=0.13.69-1"

The problems have been fixed upstream in version 0.13.69.

Workaround
==========

None.

Description
===========

- CVE-2018-7725 (denial of service)

An out of bounds read was found in function zzip_disk_fread of ZZIPlib
before 0.13.69, when ZZIPlib mem_disk functionality is used. Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted zip file.

- CVE-2018-7726 (denial of service)

An improper input validation was found in function
__zzip_fetch_disk_trailer of ZZIPlib before 0.13.69, that could lead to
a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted zip file.

- CVE-2018-7727 (denial of service)

A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib
before 0.13.69, that could lead to resource exhaustion. Local attackers
could leverage this vulnerability to cause a denial of service via a
crafted zip file.

Impact
======

A remote attacker can cause a denial of service via a specially crafted
zip file.

References
==========

https://github.com/gdraheim/zziplib/issues/39
https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
https://github.com/gdraheim/zziplib/issues/41
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
https://github.com/gdraheim/zziplib/issues/40
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
https://security.archlinux.org/CVE-2018-7725
https://security.archlinux.org/CVE-2018-7726
https://security.archlinux.org/CVE-2018-7727
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20180409/df85dffd/attachment.sig>


More information about the manjaro-security mailing list