Vulnerability Details CVE-2016-9844
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.113
EPSS Ranking 93.1%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2016/12/05/13
- http://www.openwall.com/lists/oss-security/2016/12/05/19
- http://www.openwall.com/lists/oss-security/2016/12/05/20
- http://www.securityfocus.com/bid/94728
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
- http://www.openwall.com/lists/oss-security/2016/12/05/13
- http://www.openwall.com/lists/oss-security/2016/12/05/19
- http://www.openwall.com/lists/oss-security/2016/12/05/20
- http://www.securityfocus.com/bid/94728
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
Products affected by CVE-2016-9844
-
cpe:2.3:a:unzip_project:unzip:6.0