{"id":"CVE-2019-17582","details":"A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states \"This use-after-free is triggered prior to the double free reported in CVE-2017-12858.\"","modified":"2026-04-11T14:11:12.521951Z","published":"2021-02-09T19:15:12.553Z","references":[{"type":"ADVISORY","url":"https://github.com/nih-at/libzip/issues/5"},{"type":"ADVISORY","url":"https://libzip.org/libzip-discuss/"},{"type":"FIX","url":"https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nih-at/libzip","events":[{"introduced":"0"},{"last_affected":"a23ac8a766c556827255111eb35ba928641efbc8"},{"fixed":"2217022b7d1142738656d891e00b3d2d9179b796"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.0"}]}}],"versions":["brian-gladman-fcrypt-2008-11-18","rel-0-10","rel-0-11-1","rel-0-11-2","rel-0-8","rel-0-9","rel-0-9-1","rel-0-9-2","rel-0-9-3","rel-1-0","rel-1-0-1","rel-1-0-beta1","rel-1-1","rel-1-1-1","rel-1-1-2","rel-1-1-3","rel-1-2-0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T14:11:12Z","vanir_signatures":[{"digest":{"function_hash":"247741707400283749085108019441784905923","length":5237},"signature_version":"v1","source":"https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796","id":"CVE-2019-17582-11de36c1","target":{"function":"_zip_dirent_read","file":"lib/zip_dirent.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["126407887668340329650951841643656814806","79489290485161336371396243068446216870","103867276804264513481566455227706953226","200745644596356662579889932048953027052","18703439355701899585658934728937768609","10360732491339512210894939584152610856"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796","id":"CVE-2019-17582-f2d51449","target":{"file":"lib/zip_dirent.c"},"deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17582.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}