Vulnerability CVE-2012-1162: Information

Description

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2012-1162
Published: July 13, 2012
Modified: July 13, 2012
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip
  • Exploit
[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip
    MDVSA-2012:034
      [libzip-discuss] 20120320 libzip-0.10.1 security fix release
      • Exploit
      http://www.nih.at/libzip/NEWS.html
        GLSA-201203-23

            1. Configuration 1

              cpe:2.3:a:nih:libzip:0.10:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.4.2
          Back to top