CVE-2018-16548

MEDIUM

Gdraheim Zziplib < 0.13.69 - Resource Leak

Title source: rule

Description

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

References (5)

[Exploit, Patch, Third Party Advisory] https://github.com/gdraheim/zziplib/issues/58

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:2196

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00066.html

Scores

CVSS v3 6.5

EPSS 0.0050

EPSS Percentile 65.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (1)

gdraheim/zziplib < 0.13.69

Timeline

Published Sep 05, 2018

Tracked Since Feb 18, 2026