Vulnerability Details CVE-2015-7697
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.251
EPSS Ranking 95.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://sourceforge.net/p/infozip/patches/23/
- http://www.debian.org/security/2015/dsa-3386
- http://www.openwall.com/lists/oss-security/2015/09/07/4
- http://www.openwall.com/lists/oss-security/2015/09/15/6
- http://www.openwall.com/lists/oss-security/2015/10/11/5
- http://www.securityfocus.com/bid/76863
- http://www.securitytracker.com/id/1034027
- http://www.ubuntu.com/usn/USN-2788-1
- http://www.ubuntu.com/usn/USN-2788-2
- http://sourceforge.net/p/infozip/patches/23/
- http://www.debian.org/security/2015/dsa-3386
- http://www.openwall.com/lists/oss-security/2015/09/07/4
- http://www.openwall.com/lists/oss-security/2015/09/15/6
- http://www.openwall.com/lists/oss-security/2015/10/11/5
- http://www.securityfocus.com/bid/76863
- http://www.securitytracker.com/id/1034027
- http://www.ubuntu.com/usn/USN-2788-1
- http://www.ubuntu.com/usn/USN-2788-2
Products affected by CVE-2015-7697
-
cpe:2.3:a:unzip_project:unzip:6.0
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.10
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0