{"id":"MGASA-2017-0163","summary":"Updated zziplib packages fix security vulnerability","details":"Heap-based buffer overflow in __zzip_get32 in fetch.c (CVE-2017-5974).\n\nHeap-based buffer overflow in __zzip_get64 in fetch.c (CVE-2017-5975).\n\nHeap-based buffer overflow in zzip_mem_entry_extra_block in memdisk.c\n(CVE-2017-5976).\n\nInvalid memory read in zzip_mem_entry_extra_block in memdisk.c\n(CVE-2017-5977).\n\nOut of bounds read in zzip_mem_entry_new in memdisk.c (CVE-2017-5978).\n\nNULL pointer dereference in prescan_entry in fseeko.c (CVE-2017-5979).\n\nNULL pointer dereference in zzip_mem_entry_new in memdisk.c\n(CVE-2017-5980).\n\nAssertion failure in seeko.c (CVE-2017-5981).\n\nNULL pointer dereference in main in unzzipcat-mem.c (bsc#1024532).\n\nNULL pointer dereference in main in unzzipcat.c (bsc#1024537).\n","modified":"2026-04-16T06:24:09.358960558Z","published":"2017-06-09T23:05:58Z","upstream":["CVE-2017-5974","CVE-2017-5975","CVE-2017-5976","CVE-2017-5977","CVE-2017-5978","CVE-2017-5979","CVE-2017-5980","CVE-2017-5981"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0163.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20285"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-05/msg00025.html"}],"affected":[{"package":{"name":"zziplib","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/zziplib?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.62-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0163.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}