FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unzip -- multiple vulnerabilities

Affected packages
unzip < 6.0_7


VuXML ID 86c3c66e-b2f5-11e5-863a-b499baebfeaf
Discovery 2015-09-26
Entry 2016-01-04

Gustavo Grieco reports:

Two issues were found in unzip 6.0:

* A heap overflow triggered by unzipping a file with password (e.g unzip -p -P x

* A denegation of service with a file that never finishes unzipping (e.g. unzip


CVE Name CVE-2015-7696
CVE Name CVE-2015-7697
FreeBSD PR ports/204413