Security Vulnerabilities fixed in zziplib RHSA-2019:2196

description-logoDescription

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c (CVE-2018-6541) * zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

affected-products-logoAffected Applications

zziplib

CVE References

CVE-2018-16548 CVE-2018-6541