Description
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
References (4)
Core 4
Core References
Issue Tracking x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120
Various Sources x_refsource_misc
http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/17/4
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2502-1
Scores
EPSS
0.0490
EPSS Percentile
91.0%
Details
CWE
CWE-119
Status
published
Products (4)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
info-zip/unzip
6.10b
Published
Feb 23, 2015
Tracked Since
Feb 18, 2026