From cd63d1201f5ec8c4cdb285b22d166e258f459a1c Mon Sep 17 00:00:00 2001
From: Nico Golde
Date: Mon, 3 Sep 2007 21:56:41 +0000
Subject: advisory file for zziplib

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6485 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
 data/DTSA/advs/56-zziplib.adv | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 data/DTSA/advs/56-zziplib.adv
(limited to 'data/DTSA/advs')
diff --git a/data/DTSA/advs/56-zziplib.adv b/data/DTSA/advs/56-zziplib.adv
new file mode 100644
index 0000000000..4f04836995
--- /dev/null
+++ b/data/DTSA/advs/56-zziplib.adv
@@ -0,0 +1,23 @@
+source: centerim
+date: September 4st , 2007
+author: Nico Golde
+vuln-type: buffer overflow
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-1614
+vendor-advisory:
+testing-fix: 0.12.83-8lenny1
+sid-fix: 0.13.49-0
+upgrade: apt-get upgrade
+
+The zziplib library is prone to a stack-based buffer overflow
+which might allow remote attackers to execute arbitrary code
+or denial of service (application crash) via a long file name.
+
+CVE-2007-1614
+
+Stack-based buffer overflow in the zzip_open_shared_io function
+in zzip/file.c in ZZIPlib Library before 0.13.49 allows
+user-assisted remote attackers to cause a denial of service
+(application crash) or execute arbitrary code via a long
+filename.
-- 
cgit v1.2.3
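Review bot: The `source:` field names `centerim`, but the file is 56-zziplib.adv and every other line describes zziplib; it looks carried over from another advisory and should read `source: zziplib`, otherwise anything that keys on this field would attach the fix versions to the wrong package. The summary says plain "remote attackers" while the quoted CVE text says "user-assisted remote attackers"; using the CVE's wording, and fixing the grammar to "execute arbitrary code or cause a denial of service", would avoid overstating how the overflow is reached. The date `September 4st , 2007` should be `September 4th, 2007`. `debian-specifc` is misspelled, but whether the DTSA tooling expects exactly that key is not visible here, so check the parser before renaming it.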