CVE-2014-9485

Name of the Vulnerable Software and Affected Versions minizip versions prior to 1.1-5

Description The issue is related to a directory traversal vulnerability in the do extract currentfile function in miniunz.c in miniunzip. This vulnerability might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.

Recommendations For versions prior to 1.1-5, update to version 1.1-5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the do extract currentfile function in miniunz.c until a patch is available. Avoid using miniunzip to extract ZIP archives from untrusted sources until the issue is resolved.