CVE-2012-1163

Name of the Vulnerable Software and Affected Versions libzip versions prior to 0.10.1

Description The issue concerns multiple vulnerabilities in the libzip package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in the zip readcdir function in zip open.c allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive. This triggers improper restrictions of operations within the bounds of a memory buffer and an information leak.

Recommendations For libzip versions prior to 0.10.1, update to version 0.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to zip archives from untrusted sources until a patch is available.