| Name | CVE-2019-13453 |
| Description | Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile(). |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3030-1 |
| Debian Bugs | 932556 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| zipios++ (PTS) | sid, trixie, bookworm, bullseye | 0.1.5.9+cvs.2007.04.28-11 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| zipios++ | source | stretch | 0.1.5.9+cvs.2007.04.28-6+deb9u1 | | DLA-3030-1 | |
| zipios++ | source | buster | 0.1.5.9+cvs.2007.04.28-10+deb10u1 | | | |
| zipios++ | source | (unstable) | 0.1.5.9+cvs.2007.04.28-11 | low | | 932556 |
Notes
[jessie] - zipios++ <no-dsa> (Minor issue)
https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch