Info-ZIP project / Bugs / #27 Buffer overflow with handcrafted zip file

Buffer overflow with handcrafted zip file

#27 Buffer overflow with handcrafted zip file

Status: open-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2013-02-26

Created: 2009-09-18

Creator: Gabe Gorelick

Private: No

See https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/387350 for more details, but the summary is that a specially crafted zip file will cause a buffer overflow in list.c. This is not a major security concern though, as it only causes a single byte overflow in the bss region not near any control structures. Still, it is something that should be fixed.

Discussion

Gabe Gorelick - 2009-09-18

File that will cause the overflow

hello.zip

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Steven Schweda - 2013-02-26

Thanks (belated) for the report. UnZip version 6.1c (beta) and later
should include a fix for this. Now, values less than 1000 are displayed
as before, using a three-digit decimal format, "Unk:ddd", but larger
values are displayed using a four-digit hexadecimal format, "UnkXXXX".
(This avoids spoiling the report format for the would-be wider values.)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Steven Schweda - 2013-02-26

status: open --> open-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Buffer overflow with handcrafted zip file

Group

Searches

Help

#27 Buffer overflow with handcrafted zip file

Discussion