Info Zip · Info-Zip Unzip · CVE-2018-18384
**Name of the Vulnerable Software and Affected Versions**
Info-ZIP UnZip version 6.0
**Description**
Info-ZIP UnZip 6.0 contains a buffer overflow in the list.c file. A buffer there has a size of 10 but should be 12, and a ZIP archive with a crafted relationship between the compressed-size value and the uncompressed-size value overflows it. Exploitation of this issue may allow an attacker to execute arbitrary code.
**Recommendations**
For Info-ZIP UnZip version 6.0, consider applying a patch or update that fixes the buffer size mismatch in the list.c file to prevent the buffer overflow. As a temporary workaround, restrict UnZip's exposure to crafted ZIP archives to minimize the risk of exploitation.
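
The sizing argument behind "10 but should be 12", as an added example that is not taken from list.c or from the Info-ZIP project. It assumes the affected field is a listing column made of a sign, a whole-percent compression factor and a `%`, with the factor held as a 32-bit value in tenths of a percent; `factor_tenths`, `format_factor` and `FACTOR_BUF` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Worst case for the assumed column: sign (1) + 9 digits + '%' (1) + NUL (1).
   Nine digits is the widest a 32-bit tenths-of-a-percent value can be once
   rounded to whole percent (214748365). */
#define FACTOR_BUF 12

/* Assumed model: factor in tenths of a percent, negative when the stored
   compressed size exceeds the uncompressed size, saturated to int32_t. */
static int32_t factor_tenths(uint32_t ucsize, uint32_t csize)
{
    if (ucsize == 0)
        return 0;
    int neg = csize > ucsize;
    uint64_t diff = neg ? (uint64_t)csize - ucsize : (uint64_t)ucsize - csize;
    uint64_t t = diff * 1000u / ucsize;
    if (t > INT32_MAX)
        t = INT32_MAX;
    return neg ? -(int32_t)t : (int32_t)t;
}

/* Bounded formatter: returns the string length, or -1 when the caller's
   buffer cannot hold the whole result (snprintf never writes past outsz). */
static int format_factor(char *out, size_t outsz, int32_t tenths)
{
    char sgn = ' ';
    int64_t t = tenths;              /* widen so negating INT32_MIN is safe */
    if (t < 0) { sgn = '-'; t = -t; }
    int n = snprintf(out, outsz, "%c%lld%%", sgn, (long long)((t + 5) / 10));
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char col[FACTOR_BUF];
    /* Constructed sample sizes: 1000 bytes stored as 400. */
    if (format_factor(col, sizeof col, factor_tenths(1000, 400)) < 0)
        return 1;                    /* refuse to list rather than truncate */
    puts(col);
    return 0;
}
```

Under these assumptions a 10-byte buffer is two bytes short of the worst case, and the length check turns that shortfall into an error return instead of a write past the end of the buffer.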