The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
References
Configurations
Information
Published : 2008-03-17 14:44
Updated : 2018-10-15 15:03
NVD link : CVE-2008-0888
Mitre link : CVE-2008-0888
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
info-zip
- unzip