Jean-Sebastien Guay-Leroux

Name of the Vulnerable Software and Affected Versions: AMaViS versions 2.4.1 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by using a ZOO archive with a direntry structure that points to a previous file. Recommendations: For AMaViS versions 2.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PicoZip (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by using a ZOO archive with a direntry structure that points to a previous file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zoo versions 2.10 and earlier **Description** The issue is related to a stack-based buffer overflow in the fullpath function, which can be exploited by user-assisted attackers using a crafted ZOO file. This can cause the combine function to return a longer string than expected, potentially allowing the execution of arbitrary code. **Recommendations** For zoo versions 2.10 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.