Severity
4.0 MEDIUM
EPSS
9.8%
top 7.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 18
Latest update: May 13

Description

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.5 | Impact: 1.4

Affected Packages: 2 packages

Debian unzip < 6.0-21+3

🔴 Vulnerability Details

3
GHSA
GHSA-r3pw-cm89-hq37: Buffer overflow in the zi_short function in zipinfo (2022-05-13)
CVEList
CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo (2017-01-18)
OSV
CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo (2017-01-18)

📋 Vendor Advisories

4
Ubuntu
unzip vulnerabilities (2020-12-16)
Microsoft
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory f (2017-01-10)
Red Hat
unzip: methbuf[] buffer overflow in zipinfo's zi_short() (2016-12-05)
Debian
CVE-2016-9844: unzip - Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allo... (2016)

💬 Community

3
Bugzilla
CVE-2016-9844 unzip: methbuf[] buffer overflow in zipinfo's zi_short() [fedora-all] (2016-12-13)
Bugzilla
CVE-2016-9844 unzip: methbuf[] buffer overflow in zipinfo's zi_short() (2016-12-06)
Bugzilla
CVE-2014-9844 ImageMagick: out of bound issue in rle file (2016-06-07)