CVE-2004-1096

NameCVE-2004-1096
DescriptionArchive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libarchive-zip-perl (PTS)stretch (security), stretch1.59-1+deb9u1fixed
buster1.64-1fixed
bookworm, bullseye, sid1.68-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libarchive-zip-perlsource(unstable)1.14-1

Search for package or bug name: Reporting problems