{"id":"CVE-2014-8140","details":"Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.","modified":"2026-02-05T10:29:30.412076Z","published":"2020-01-31T22:15:10Z","related":["MGASA-2014-0562","SUSE-SU-2015:0377-1","openSUSE-SU-2024:10480-1"],"references":[{"type":"ADVISORY","url":"http://www.ocert.org/advisories/ocert-2014-011.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1031433"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2015:0700"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174851"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174851"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}