CVE-2019-13453

Name: CVE-2019-13453
Description: Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 932556

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| zipios++ (PTS) | jessie | 0.1.5.9+cvs.2007.04.28-5.1 | vulnerable |
| zipios++ | stretch | 0.1.5.9+cvs.2007.04.28-6 | vulnerable |
| zipios++ | buster | 0.1.5.9+cvs.2007.04.28-10 | vulnerable |
| zipios++ | bullseye, sid | 0.1.5.9+cvs.2007.04.28-11 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zipios++ | source | (unstable) | 0.1.5.9+cvs.2007.04.28-11 | low | | 932556 |

Notes

[buster] - zipios++ <no-dsa> (Minor issue)
[stretch] - zipios++ <no-dsa> (Minor issue)
[jessie] - zipios++ <no-dsa> (Minor issue)
https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
