← Back

Ziparchive

ziparchive

Vendor: Ziparchive Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-39136
1Ziparchive Project
1Ziparchive
Nov 21, 2024
Aug 30, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.
CVE-2022-36943
1Ziparchive Project
1Ziparchive
Jan 28, 2026
Jan 3, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZI...Show more
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.Show less