CVE-2012-1163

Published: Jul 12, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

Affected (1)

Products: Nih: Libzip

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nih Libzip	Version 0.10

Related CWEs

References (12)

http://nih.at/listarchive/libzip-discuss/msg00252.html

Source: secalert@redhat.com

http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:034

Source: secalert@redhat.com

http://www.nih.at/libzip/NEWS.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/03/21/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/03/29/11

Source: secalert@redhat.com

http://nih.at/listarchive/libzip-discuss/msg00252.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:034

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.nih.at/libzip/NEWS.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/03/21/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/03/29/11

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.