Errata ID | 492 |
---|---|
Date | 2019-05-02 |
Source package | zziplib |
Fixed in version | 0.13.62-3.2~deb9u1 |
Description | This update addresses the following issues: * Invalid memory access in the zzip_disk_fread function in zzip/mmapped.c (CVE-2018-6381) * Loading of a misaligned memory address in zip.c:__zzip_fetch_disk_trailer can lead to a denial of service via a crafted zip file (CVE-2018-6484) * Bus error in the zzip_disk_findfirst function in zzip/mmapped.c (CVE-2018-6540) * Bus error caused by loading of a misaligned address in zzip/zip.c (CVE-2018-6541) * Uncontrolled memory allocation in __zzip_parse_root_directory in zzip/zip.c (CVE-2018-6869) * Out-of-bounds read in mmapped.c:zzip_disk_fread() causes a crash (CVE-2018-7725) * Bus error in zip.c:__zzip_parse_root_directory() causes a crash via a crafted zip file (CVE-2018-7726) * Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548) |
Additional notes | |
CVE ID | CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 CVE-2018-16548 |
UCS Bug number | #49368 |