CVE-2014-9485

MEDIUM

minizip < 1.1-5 - Path Traversal and Arbitrary File Write via ZIP Archive Entry

Description

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/71846
Issue Tracking, Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2014/12/31/11
Issue Tracking, Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2015/01/03/16

Scores

CVSS v3 5.5
EPSS 0.0409
EPSS Percentile 89.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (2)
minizip_project/minizip < 1.1-4
zlib-ng/minizip-ng < 1.1-4
Published Jan 16, 2018
Tracked Since Feb 18, 2026