Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2007-1614 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2007-1614

CVE-2007-1614

UNKNOWN

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file

Published Mar 23, 2007

Modified 1 years ago

Details

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.

References

WEB

http://osvdb.org/33838

ADVISORY

http://secunia.com/advisories/24586

ADVISORY

http://secunia.com/advisories/24708

ADVISORY

http://security.gentoo.org/glsa/glsa-200704-05.xml

WEB

http://sourceforge.net/project/shownotes.php?group_id=6389&release_id=494587

ADVISORY

http://www.mandriva.com/security/advisories?name=MDKSA-2007:093

WEB

http://www.securityfocus.com/bid/23013

WEB

http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187

WEB

http://www.vupen.com/english/advisories/2007/0998

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2007-1614

CVSS Analysis

CVSS v2.0

9.3

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedMar 23, 2007

ModifiedAug 7, 2024