CVE-2005-4667

Name of the Vulnerable Software and Affected Versions UnZip versions 5.50 and earlier

Description The issue allows user-assisted attackers to execute arbitrary code via a long filename command line argument. However, since the overflow occurs in a non-setuid program, the risk is relatively low unless UnZip is passed long arguments when invoked from other programs.

Recommendations For UnZip versions 5.50 and earlier, consider avoiding the use of long filename command line arguments until a fix is available. As a temporary workaround, restrict the length of filename arguments passed to UnZip to prevent potential exploitation.