CVE-2017-1000472

NameCVE-2017-1000472
DescriptionThe ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1239-1, DSA-4083-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
poco (PTS)jessie (security), jessie1.3.6p1-5+deb8u1fixed
stretch (security), stretch1.7.6+dfsg1-5+deb9u1fixed
buster1.9.0-4fixed
sid1.9.0-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pocosource(unstable)1.8.0-2medium
pocosourcejessie1.3.6p1-5+deb8u1mediumDSA-4083-1
pocosourcestretch1.7.6+dfsg1-5+deb9u1mediumDSA-4083-1
pocosourcewheezy1.3.6p1-4+deb7u1mediumDLA-1239-1

Notes

https://github.com/pocoproject/poco/issues/1968

Search for package or bug name: Reporting problems