PatchSiren

Unzip Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Unzip Project CVE published 2017-01-18

CVE-2016-9844

CVE-2016-9844 is a buffer overflow in the zi_short function in zipinfo.c in Info-ZIP UnZip 6.0. According to the published description, a malformed central directory file header with a large compression method value can cause a crash, creating a denial-of-service condition. NVD maps the issue to CWE-119 and scores it as medium severity with availability impact only.

MEDIUM Unzip Project CVE published 2017-01-18

CVE-2014-9913

CVE-2014-9913 describes a buffer overflow in the list_files function in UnZip 6.0’s list.c. The documented impact is denial of service via a crash while handling archive content related to the compression method. NVD classifies the issue as low attack complexity with no confidentiality or integrity impact; only availability is affected.