PT-2019-13344 · Zipios+1 · Zipios+1

Mike Salvatore · Published 2019-07-15 · Updated 2022-06-02 · CVE-2019-13453

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Zipios versions prior to 0.1.7

Description

The issue is related to the handling of certain malformed zip archives, which can cause the software to go into an infinite loop, resulting in a denial of service. This is associated with the readUint32() function in zipheadio.h and the Zipfile::Zipfile() function in zipfile.cpp.

Recommendations

For versions prior to 0.1.7, update to version 0.1.7 or later to resolve the issue. As a temporary workaround, consider restricting the handling of malformed zip archives to minimize the risk of exploitation.

Fix · DoS · Infinite Loop


Weakness Enumeration

Related Identifiers

CVE-2019-13453
DLA-3030-1
MGASA-2019-0341
OPENSUSE-SU-2024:13562-1
USN-4055-1
USN-4057-1

Affected Products

Ubuntu
Zipios