CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1315

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.106

EPSS Ranking 92.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt
http://www.openwall.com/lists/oss-security/2015/02/17/4
http://www.ubuntu.com/usn/USN-2502-1
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120
http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt
http://www.openwall.com/lists/oss-security/2015/02/17/4
http://www.ubuntu.com/usn/USN-2502-1
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120

Products affected by CVE-2015-1315

Info-Zip » Unzip » Version: 6.10b

cpe:2.3:a:info-zip:unzip:6.10b
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 14.10

cpe:2.3:o:canonical:ubuntu_linux:14.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1315

Products

Pricing

Contact Us