INFSA-2025:20838: zziplib security update

Information about definition

Identifier: INFSA-2025:20838

Type: security

Release date: 2025-12-01 17:17:40 UTC

Information about package

zziplib is a lightweight library for easily extracting data from zip files.

Vulnerabilities description

  • CVE-2018-17828

    It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing files, or creating new ones.

Severity level

CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
CVE-2018-17828 | no information | 5.5 | no information
Critical, important, moderate, low

Updated packages
