Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-5976

Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.

Published

2017-03-01T15:59:01.197

Last Modified

2025-07-10T15:44:54.403

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gdraheim zziplib 0.13.56 Yes
Application gdraheim zziplib 0.13.57 Yes
Application gdraheim zziplib 0.13.58 Yes
Application gdraheim zziplib 0.13.59 Yes
Application gdraheim zziplib 0.13.60 Yes
Application gdraheim zziplib 0.13.61 Yes
Application gdraheim zziplib 0.13.62 Yes
Operating System debian debian_linux 8.0 Yes
Operating System debian debian_linux 9.0 Yes
References