CVE-2014-9636
unzip 6.0 - Denial of Service via Malformed Extra Field in STORED Method Zip Archive
Title source: llmDescription
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
References (14)
Core 14
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201611-01
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62751
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2015/q1/216
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71825
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2489-1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3152
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/489
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/496
Patch, Vendor Advisory x_refsource_confirm
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/1131
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62738
Scores
EPSS
0.1156
EPSS Percentile
95.5%
Details
CWE
CWE-119
Status
published
Products (8)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
debian/debian_linux
7.0
fedoraproject/fedora
20
fedoraproject/fedora
21
unzip_project/unzip
6.0
Published
Feb 06, 2015
Tracked Since
Feb 18, 2026