CVE-2018-6381

Name of the Vulnerable Software and Affected Versions ZZIPlib versions 0.13.56 through 0.13.67

Description The issue is related to invalid memory access in the zzip disk fread function, causing a segmentation fault. This occurs because the size variable is not validated against the amount of file->stored data. Additionally, there is a buffer overflow vulnerability in the zzip mem entry new function, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For ZZIPlib versions 0.13.56 through 0.13.67, consider disabling the zzip disk fread function and the zzip mem entry new function until a patch is available. Restrict access to the zzip/mmapped.c and zzip/memdisk.c files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.