FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unzip -- out of boundary access issues in test_compr_eb

Affected packages
unzip < 6.0_4

Details

VuXML ID e543c6f8-abf2-11e4-8ac7-d050992ecde8
Discovery 2014-11-02
Entry 2015-02-03

Ubuntu Security Notice USN-2489-1 reports:

Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

[source]

References

CVE Name CVE-2014-9636
URL http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9636.html
URL http://seclists.org/oss-sec/2014/q4/489
URL http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
URL http://www.ubuntu.com/usn/usn-2489-1/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.