<?xml version="1.0" encoding="utf-8"?>
<glsa id="200704-05">
<title>zziplib: Buffer Overflow</title>
<synopsis>
The zziplib library contains a buffer overflow vulnerability that could
lead to user-assisted remote execution of arbitrary code.
</synopsis>
<product type="ebuild">zziplib</product>
<announced>April 03, 2007</announced>
<revised>April 03, 2007: 01</revised>
<affected>
<package name="dev-libs/zziplib" auto="yes" arch="*">
<unaffected range="ge">0.13.49</unaffected>
<vulnerable range="lt">0.13.49</vulnerable>
</package>
</affected>
<background>
<p>
The zziplib library is a lightweight library for extracting data from
files archived in a single zip file.
</p>
</background>
<description>
<p>
dmcox discovered a boundary error in the zzip_open_shared_io()
function from zzip/file.c.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could entice a user to run a zziplib function with an
overly long string as an argument which would trigger the buffer
overflow and may lead to the execution of arbitrary code.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All zziplib users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-libs/zziplib-0.13.49&quot;</code>
</resolution>
<references>
<uri link="">CVE-2007-1614</uri>
</references>
<metadata tag="requester" timestamp="Sat, 24 Mar 2007 20:39:36 +0000">
<metadata tag="submitter" timestamp="Mon, 26 Mar 2007 21:59:00 +0000">
<metadata tag="bugReady" timestamp="Thu, 29 Mar 2007 21:14:54 +0000">