Bus Error Vulnerability in ZZIPlib 0.13.67 Allows for Denial of Service via Crafted Zip File

Bus Error Vulnerability in ZZIPlib 0.13.67 Allows for Denial of Service via Crafted Zip File

CVE-2018-6541 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Learn more about our Web Application Penetration Testing UK.