FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: d9360908-9d52-11e4-87fd-10bf48e1088e
Description: unzip -- input sanitization errors

oCERT reports:

The UnZip tool is an open source extraction utility for archives compressed in the zip format.

The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution.

A specially crafted zip file, passed to unzip -t, can be used to trigger the vulnerability.

Discovery: 2014-12-03
Entry: 2015-01-16
Affected package: unzip, versions <= 6.0_2

CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
http://www.info-zip.org/UnZip.html
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
https://bugzilla.redhat.com/show_bug.cgi?id=1174856