寶德提供廠商一站式服務(wù),讓客戶無后顧之憂,助客戶聚焦核心業(yè)務(wù)
簡(jiǎn)介
An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4
嚴(yán)重級(jí)別
High
主題
An update for zziplib is now available for
openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of
high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a
detailed severity rating, is available for each vulnerability from the
CVElink(s) in the References section.
描述
The zziplib is a lightweight library to easily extract data from zip
files. Applications can bundle files into a single zip archive and access them.
The implementation is based only on the (free) subset of compression with the
zlib algorithm which is actually used by the zip/unzip tools.
Security Fix(es):
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows
attackers to cause a denial of service via the __zzip_fetch_disk_trailer()
function at /zzip/zip.c.(CVE-2024-39134)
影響組件
Zziplib
CVE
CVE-2024-39134
參考鏈接
https://nvd.nist.gov/vuln/detail/CVE-2024-39134
后續(xù)改善計(jì)劃
4008-870-872
點(diǎn)擊咨詢
