CVE-2012-1163

NIH Libzip - Numeric Error

Description

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

Scores

EPSS 0.0138
EPSS Percentile 80.1%

Classification

CWE
CWE-189
Status draft

Affected Products (1)

nih/libzip

Timeline

Published Jul 12, 2012
Tracked Since Feb 18, 2026