CVE-2014-9636

Published: 31 December 2014

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Priority

Medium

Status

Package: unzip (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Released (6.0-1ubuntu0.2)
precise    Released (6.0-4ubuntu2.2)
trusty     Released (6.0-9ubuntu1.2)
upstream   Needed
utopic     Released (6.0-12ubuntu1.2)

Patches:
other: http://www.info-zip.org/phpBB3/download/file.php?id=95&sid=95e98be32f791909977347bca032d3bc