Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-1162
Last Modified: 13 Jul 2012 10:50:48
Published: 12 Jul 2012 04:55:14
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1162

Summary

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."

Vulnerable Systems

Application

  • Nih Libzip 0.10


References

MLIST - [oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip

MLIST - [oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip

CONFIRM - http://www.nih.at/libzip/NEWS.html

MANDRIVA - MDVSA-2012:034

GENTOO - GLSA-201203-23

MLIST - [libzip-discuss] 20120320 libzip-0.10.1 security fix release


Last Updated: 27 May 2016 10:54:52