CVE-2014-9913
Published: 18 January 2017
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
Priority
Negligible
CVSS 3 base score: 4.0
Status
| Package | Release | Status |
|---|---|---|
|
unzip Launchpad, Ubuntu, Debian |
Upstream |
Released
(6.0-21)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(6.0-21ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(6.0-21ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(6.0-20ubuntu1.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(6.0-9ubuntu1.6)
|
|
| This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. | ||
Notes
| Author | Note |
|---|---|
| tyhicks | In Ubuntu, this is reduced to a DoS thanks to zipinfo being built with -D_FORTIFY_SOURCE=2 See LP: #1643750 for a reproducer |