Libzip

libzip

Vendor: Libzip • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-17582 1Libzip 1Libzip Nov 21, 2024 Feb 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after...Show more A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."Show less
CVE-2017-14107 2Debian Libzip 2Debian Linux Libzip May 13, 2026 Sep 1, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a c...Show more The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.Show less
CVE-2017-12858 1Libzip 1Libzip May 13, 2026 Aug 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.