CVE-2018-6541

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.67

Description: The issue is related to insufficient input validation in the zzip fetch disk trailer function of the ZZIPlib archiving library. This can be exploited by remote attackers to cause a denial of service using a specially crafted zip file. The problem arises when handling disk64 trailer local entries, leading to a bus error due to the loading of a misaligned address.

Recommendations: For ZZIPlib version 0.13.67, consider avoiding the use of the zzip fetch disk trailer function until a patch is available, or refrain from handling untrusted zip files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.