PatchSiren

Gdraheim CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5981

CVE-2017-5981 is a denial-of-service issue in zziplib 0.13.62. The published description says a crafted ZIP file can trigger an assertion failure in seeko.c and crash the application. NVD rates the issue as medium severity with availability impact only, so defenders should focus on any workflow that parses untrusted ZIP archives.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5980

CVE-2017-5980 is a denial-of-service issue in zziplib 0.13.62. A crafted ZIP file can trigger a NULL pointer dereference in zzip_mem_entry_new in memdisk.c, leading to a crash. The published record classifies the impact as availability-only, so the main concern is application interruption rather than data exposure or tampering.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5979

CVE-2017-5979 is a denial-of-service vulnerability in zziplib 0.13.62 caused by a NULL pointer dereference in prescan_entry() in fseeko.c. The practical impact is a crash when the affected code processes a crafted ZIP file. NVD rates the issue as medium severity and classifies it as requiring user interaction, so the main risk is in applications or services that open untrusted archives.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5978

CVE-2017-5978 is a denial-of-service issue in zziplib 0.13.62. When the library processes a crafted ZIP file, the zzip_mem_entry_new function in memdisk.c can perform an out-of-bounds read and crash. The impact is availability loss rather than data exposure or code execution, and NVD rates the issue as medium severity.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5977

CVE-2017-5977 is a memory-safety issue in zziplib 0.13.62. A crafted ZIP file can trigger an invalid memory read in zzip_mem_entry_extra_block() inside memdisk.c, which can crash the process and cause denial of service. The record is rated CVSS 5.5 (medium) and mapped to CWE-125. The CVE description says remote attackers can trigger the issue, while the NVD CVSS vector also indicates local access and user [truncated]

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5976

CVE-2017-5976 is a heap-based buffer overflow in zziplib's zzip_mem_entry_extra_block function in memdisk.c. The issue can be triggered by a crafted ZIP file and is primarily a denial-of-service risk due to process crash. NVD classifies the weakness as CWE-787 and rates the impact as availability-only with high availability impact.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5975

CVE-2017-5975 is a heap-based buffer overflow in zziplib’s __zzip_get64 function in fetch.c. According to NVD, affected versions include zziplib 0.13.56 through 0.13.62. The documented impact is denial of service: a crafted ZIP file can cause a crash. NVD maps the weakness to CWE-787 and rates the issue as medium severity.

MEDIUM Gdraheim CVE published 2017-03-01

CVE-2017-5974

CVE-2017-5974 is a heap-based buffer overflow in zziplib's __zzip_get32 function in fetch.c. A crafted ZIP file can trigger a crash, making this primarily an availability issue for software that parses untrusted archives. NVD maps the flaw to CWE-119 and assigns CVSS 5.5 (Medium).