Debian Security Advisory

DLA-1287-1 zziplib -- LTS security update

Date Reported:
20 Feb 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-6869.
More information:

It was discovered that there was a uncontrolled memory allocation issue in zziplib, a ZIP archive library. Remote attackers could leverage this vulnerability to cause a denial of service via a specially-crafted file.

For Debian 7 Wheezy, this issue has been fixed in zziplib version 0.13.56-1.1+deb7u2.

We recommend that you upgrade your zziplib packages.