CVE-2012-1162
libzip 0.10 - Heap-Based Buffer Overflow in _zip_readcdir Function
Title source: llmDescription
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."
References (6)
Core 6
Core References
Exploit mailing-list
x_refsource_mlist
http://nih.at/listarchive/libzip-discuss/msg00252.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/21/2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:034
Various Sources x_refsource_confirm
http://www.nih.at/libzip/NEWS.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/29/11
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml
Scores
EPSS
0.0402
EPSS Percentile
89.4%
Details
CWE
CWE-119
Status
published
Products (1)
nih/libzip
0.10
Published
Jul 12, 2012
Tracked Since
Feb 18, 2026