Heap Overflow Vulnerability in Info-ZIP UnZip 6.0
CVE-2015-7696

Currently unrated

Key Information:

Vendor

Canonical

Status
Ubuntu Linux
Debian Linux
Vendor
CVE Published:
6 November 2015

What is CVE-2015-7696?

The vulnerability in Info-ZIP UnZip 6.0 allows remote attackers to exploit a heap-based buffer over-read that can lead to an application crash or potentially allow the execution of arbitrary code. This can occur when a crafted password-protected ZIP archive is processed, with the exploit possibly linked to an inappropriate Extra-Field size value within the archive. Users and administrators are advised to take precautionary measures against this susceptibility to ensure their systems remain secure.

References

http://www.ubuntu.com/usn/USN-2788-2
vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2015/09/07/4
mailing-listx_refsource_MLIST
http://www.debian.org/security/2015/dsa-3386
vendor-advisoryx_refsource_DEBIAN

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-7696 : Heap Overflow Vulnerability in Info-ZIP UnZip 6.0