Vulnerabilities > Info ZIP

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2013-5659 Out-of-bounds Write vulnerability in Info-Zip WIZ 5.0.3
Wiz 5.0.3 has a user mode write access violation
network
low complexity
info-zip CWE-787
5.0
2018-02-09 CVE-2018-1000034 Out-of-bounds Read vulnerability in Info-Zip Unzip 6.10C22
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
network
low complexity
info-zip CWE-125
6.4
2018-02-09 CVE-2018-1000033 Out-of-bounds Read vulnerability in Info-Zip Unzip 6.10C22
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
network
low complexity
info-zip CWE-125
6.4
2018-02-09 CVE-2018-1000032 Out-of-bounds Write vulnerability in Info-Zip Unzip 6.10C22
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
network
info-zip CWE-787
6.8
2018-02-09 CVE-2018-1000031 Out-of-bounds Write vulnerability in Info-Zip Unzip 6.10C22
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
network
info-zip CWE-787
6.8
2015-02-23 CVE-2015-1315 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
network
low complexity
canonical info-zip CWE-119
7.5
2008-03-17 CVE-2008-0888 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Info-Zip Unzip
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
network
info-zip CWE-119
critical
9.3
2005-12-31 CVE-2005-4667 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Info-Zip Unzip
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.
local
high complexity
info-zip CWE-119
3.7
2005-08-05 CVE-2005-2475 Unspecified vulnerability in Info-Zip Unzip 5.52
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
local
high complexity
info-zip
1.2
2005-05-02 CVE-2005-0602 Privilege Escalation vulnerability in Info-Zip Unzip 5.50
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
local
high complexity
info-zip
6.2