CVE-2018-6540

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.67

Description: The issue is related to the zzip disk findfirst function in the zzip/mmapped.c file, which can cause a bus error due to the loading of a misaligned address. This can be exploited by remote attackers to cause a denial of service using a crafted zip file. The vulnerability is also associated with an incorrect buffer size calculation in the zzip disk findfirst function of the ZZIPlib archiving library.

Recommendations: For ZZIPlib version 0.13.67, consider avoiding the use of the zzip disk findfirst function until a patch is available. As a temporary workaround, restrict the handling of zip files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.