libzip: Multiple vulnerabilities

Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code.

libzip 2012-03-29 2012-03-29 409117 remote 0.10.1 0.10.1

libzip is a library for manipulating zip archives.

Two vulnerabilities have been found in the "_zip_readcdir()" function in zip_open.c of libzip:

A remote attacker could entice a user to open a specially crafted ZIP file, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, or information leaks.

There is no known workaround at this time.

All libzip users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libzip-0.10.1"
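To confirm which hosts still need the upgrade above, the following added example (not part of the original advisory) classifies installed libzip atoms against the fixed version. It assumes, per the upgrade atom, that anything older than 0.10.1 needs upgrading; the sample input is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage installed libzip atoms against the fixed version.
FIXED="0.10.1"   # taken from the upgrade atom in this advisory

# Constructed sample, shaped like `qlist -Iv dev-libs/libzip` output
# collected from several hosts.
SAMPLE='dev-libs/libzip-0.9.3-r2
dev-libs/libzip-0.10
dev-libs/libzip-0.10.1
dev-libs/libzip-0.10.1-r1
dev-libs/libzip-0.11_rc1'

# Print the upstream version of a dev-libs/libzip atom, dropping a Gentoo
# -rN revision. Prints nothing for atoms it cannot parse (e.g. _rc suffixes),
# so those are reported as unknown instead of being guessed.
libzip_version() {
    printf '%s\n' "$1" | sed -n \
        's|^dev-libs/libzip-\([0-9][0-9.]*\)\(-r[0-9][0-9]*\)\{0,1\}$|\1|p'
}

# Return 0 if the atom is older than FIXED, 1 if not, 2 if unparseable.
libzip_is_vulnerable() {
    v=$(libzip_version "$1")
    if [ -z "$v" ]; then return 2; fi
    if [ "$v" = "$FIXED" ]; then return 1; fi
    # sort -V (GNU coreutils) orders version strings; the lower one sorts first.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$v" ]; then return 0; fi
    return 1
}

# Classify every atom in a newline-separated list.
audit_libzip() {
    printf '%s\n' "$1" | while IFS= read -r atom; do
        [ -n "$atom" ] || continue
        rc=0
        libzip_is_vulnerable "$atom" || rc=$?
        case $rc in
            0) echo "VULNERABLE $atom (upgrade to >=$FIXED)" ;;
            1) echo "ok         $atom" ;;
            *) echo "unknown    $atom (check manually)" ;;
        esac
    done
}

audit_libzip "$SAMPLE"
```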
CVE-2012-1162
CVE-2012-1163

ackle ackle