CVE-2012-1162

libzip 0.10 - Heap-Based Buffer Overflow in _zip_readcdir Function

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."

References (6)

Core 6
Core References
Exploit mailing-list x_refsource_mlist
http://nih.at/listarchive/libzip-discuss/msg00252.html
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/21/2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:034
Various Sources x_refsource_confirm
http://www.nih.at/libzip/NEWS.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/29/11
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml

Scores

EPSS 0.0402
EPSS Percentile 89.4%

Details

CWE
CWE-119
Status published
Products (1)
nih/libzip 0.10
Published Jul 12, 2012
Tracked Since Feb 18, 2026