PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5979 Gdraheim CVE debrief

CVE-2017-5979 is a denial-of-service vulnerability in zziplib 0.13.62 caused by a NULL pointer dereference in prescan_entry() in fseeko.c. The practical impact is a crash of the process that opens a crafted ZIP file with the affected library; the NVD scoring records no confidentiality or integrity impact. NVD rates the issue as medium severity (5.5) with a local attack vector and user interaction required, so the main risk is in applications or services that open untrusted archives.

Vendor
Gdraheim
Product
zziplib
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-03-01
Original CVE updated
2026-05-13
Advisory published
2017-03-01
Advisory updated
2026-05-13

Who should care

Teams that ship or depend on zziplib 0.13.62, especially software that parses ZIP files from untrusted or user-supplied sources. This includes maintainers of archive handlers, file import features, and desktop or server applications that automatically inspect ZIP content.

Technical summary

The vulnerable path is prescan_entry() in fseeko.c within zziplib 0.13.62. According to the CVE description, a crafted ZIP file can trigger a NULL pointer dereference, which results in a process crash and denial of service; NVD classifies the weakness as CWE-476. The NVD CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H: local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high availability impact with no confidentiality or integrity impact. In practice this means an attacker needs a user or an automated workflow to open the crafted archive, and the payoff is a crash rather than code execution or data exposure.

Defensive priority

Medium — patch or replace zziplib 0.13.62 promptly if your environment processes untrusted ZIP files, because the issue can crash the consuming process.

Recommended defensive actions

  • Inventory products and packages that bundle or depend on zziplib 0.13.62.
  • Upgrade to a non-vulnerable zziplib release or apply the vendor's fixed package if you rely on a downstream distribution.
  • Treat ZIP files from untrusted sources as hostile input and route them through updated parsers only.
  • Add crash monitoring and alerting for archive-processing components so denial-of-service events are detected quickly.
  • If you cannot patch immediately, reduce exposure by limiting who can submit or trigger ZIP parsing workflows.
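As an added, illustrative example (not code from zziplib or from any of the advisories cited here), the following wrapper shows how the "hostile input" and "crash monitoring" actions above can be implemented together: archive parsing runs in a forked worker, so a NULL pointer dereference in the parser kills only the worker, and the parent converts the terminating signal into one structured event that a monitoring rule can alert on. It assumes a POSIX host with Python 3.8 or later. The parser is a stand-in built on Python's zipfile module, and the b"CRASH" prefix is a constructed marker that simulates a native crash; it is not a real CVE-2017-5979 trigger and no crafted archive is reproduced.

```python
"""Crash-isolating wrapper for untrusted archive parsing (POSIX only).

A NULL pointer dereference inside a native ZIP library takes down the whole
process that called it. Running the parser in a forked worker confines the
crash to the worker and lets the parent detect it and emit an alertable event.
The parser below is a stand-in using Python's zipfile; the b"CRASH" marker is a
constructed stand-in for a malicious archive, not the real CVE trigger.
"""
import io
import json
import os
import select
import signal
import time
import zipfile


def _untrusted_parse(data: bytes) -> dict:
    """Stand-in for the archive handler that would call the native library.

    Constructed for this example: a payload prefixed with b"CRASH" simulates a
    native NULL dereference by delivering SIGSEGV to the worker itself.
    """
    if data.startswith(b"CRASH"):
        signal.signal(signal.SIGSEGV, signal.SIG_DFL)  # ensure it is fatal
        signal.raise_signal(signal.SIGSEGV)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {"members": zf.namelist()}


def parse_isolated(data: bytes, timeout_s: float = 5.0) -> dict:
    """Run _untrusted_parse in a forked child; report crashes and timeouts.

    Returns a dict with "ok", "crashed", and either "result", "error", or
    "signal"/"signal_name", so the caller can log one structured event.
    """
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: parse, send a JSON reply through the pipe, exit
        os.close(r)
        try:
            reply = {"ok": True, "result": _untrusted_parse(data)}
        except Exception as exc:  # malformed but non-crashing input
            reply = {"ok": False, "error": repr(exc)}
        os.write(w, json.dumps(reply).encode())
        os.close(w)
        os._exit(0)

    # parent: collect the reply until EOF, enforcing a wall-clock deadline
    os.close(w)
    chunks = []
    deadline = time.monotonic() + timeout_s
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            os.kill(pid, signal.SIGKILL)
            os.waitpid(pid, 0)
            os.close(r)
            return {"ok": False, "crashed": False, "error": "timeout"}
        ready, _, _ = select.select([r], [], [], remaining)
        if not ready:
            continue
        chunk = os.read(r, 65536)
        if not chunk:  # EOF: child exited or died, kernel closed its end
            break
        chunks.append(chunk)
    os.close(r)
    _, status = os.waitpid(pid, 0)

    if os.WIFSIGNALED(status):  # the parser took the worker down
        sig = os.WTERMSIG(status)
        return {"ok": False, "crashed": True, "signal": sig,
                "signal_name": signal.Signals(sig).name}
    reply = json.loads(b"".join(chunks) or b'{"ok": false, "error": "no reply"}')
    reply["crashed"] = False
    reply["exit_code"] = os.WEXITSTATUS(status)
    return reply


def build_sample_zip() -> bytes:
    """Constructed benign archive with two members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("data/table.csv", "a,b\n1,2\n")
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_sample_zip()
    for label, blob in [("benign", benign), ("crasher", b"CRASH" + benign),
                        ("garbage", b"not a zip")]:
        report = parse_isolated(blob)
        # One structured line per archive is what a SIEM rule would key on.
        print(json.dumps({"source": label, **report}))
```

The design point is that a signal-terminated worker is distinguishable from a parser that merely rejected a malformed file: the former is the denial-of-service condition the advisory describes and should page someone, the latter is routine input validation. Keying alerts on the "crashed" field (and on SIGSEGV specifically) keeps the noise down while still surfacing the events that matter for a library at this patch level.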

Evidence notes

The NVD record identifies zziplib 0.13.62 as vulnerable and cites CWE-476 (NULL Pointer Dereference). The CVE description states that a crafted ZIP file can cause a crash in prescan_entry() in fseeko.c. Referenced third-party and vendor-linked material includes a Gentoo blog advisory, Debian security advisory DSA-3878, and a SecurityFocus BID entry. The CVSS vector in NVD emphasizes user interaction and availability impact only.

Official resources

The CVE record was published on 2017-03-01. Source references include a Gentoo blog advisory dated 2017-02-09 and Debian DSA-3878, indicating public disclosure around that period.