Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Unzip Project Subscribe
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8140 2 Redhat, Unzip Project 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more 2023-02-12 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVE-2014-8139 2 Redhat, Unzip Project 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more 2023-02-12 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVE-2014-8141 2 Redhat, Unzip Project 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus and 3 more 2023-02-12 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVE-2020-36561 1 Unzip Project 1 Unzip 2023-01-05 N/A 9.1 CRITICAL
Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2021-4217 3 Fedoraproject, Redhat, Unzip Project 3 Fedora, Enterprise Linux, Unzip 2022-11-29 N/A 3.3 LOW
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2022-0530 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2022-0529 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2018-1000035 1 Unzip Project 1 Unzip 2020-08-24 6.8 MEDIUM 7.8 HIGH
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
CVE-2019-13232 2 Debian, Unzip Project 2 Debian Linux, Unzip 2020-06-16 2.1 LOW 3.3 LOW
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
CVE-2014-9636 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2019-12-16 5.0 MEDIUM N/A
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
CVE-2015-7696 3 Canonical, Debian, Unzip Project 3 Ubuntu Linux, Debian Linux, Unzip 2019-12-16 6.8 MEDIUM N/A
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
CVE-2015-7697 3 Canonical, Debian, Unzip Project 3 Ubuntu Linux, Debian Linux, Unzip 2019-12-16 4.3 MEDIUM N/A
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
CVE-2016-9844 1 Unzip Project 1 Unzip 2019-12-16 2.1 LOW 4.0 MEDIUM
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
CVE-2018-18384 1 Unzip Project 1 Unzip 2019-12-16 4.3 MEDIUM 5.5 MEDIUM
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
CVE-2014-9913 1 Unzip Project 1 Unzip 2019-12-16 2.1 LOW 4.0 MEDIUM
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.