Re: CVE Request: Info-Zip zipinfo buffer overflow

[<cve-assign () mitre org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://launchpad.net/bugs/1643750

> The zipinfo buffer overflow occurs due to a flaw in zipinfo.c's
> zi_short() function:

> #11 zi_short () at zipinfo.c:1986
> #12 zipinfo () at zipinfo.c:919
> #13 0x000000000041144a in do_seekable (lastchance=lastchance@entry=0) at
> process.c:974
> #14 0x0000000000411bdf in process_zipfiles () at process.c:401
> #15 0x0000000000404191 in unzip (argc=0, argv=0x7fffffffe628) at
> unzip.c:1278

> The overflow occurs when the two-byte compression method field in the
> central directory file header is greater then 999.

Use CVE-2016-9844.


> consider assigning a CVE to the related
> `unzip -l` issue from 2014.

> > http://www.openwall.com/lists/oss-security/2014/11/03/5
> >
> > list_files() in list.c
> >
> > sprintf(&methbuf[4], "%03u"
> >
> > *printf() field-width format specifiers don't restrict the length of the
> > output

Use CVE-2014-9913.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYReVRAAoJEHb/MwWLVhi2sDQP+wZ1soybVzOtLc5BTXlHE6fD
48H0AW+qIG6eKrzxUWfi+Boo3xs3mwSqLnqTBrLiqGqbxLk4ssJjFVYvRkEKPAHn
Y6OeAgO6scW7m9EtP/bZiOuDionz8uS04hZmLq4RgJu/VXjj7SDP1MSHBRHYECZI
wWpL5NZyBpv8Z2ZAs2Cn92piP4rvAXzVXt5Qxi1ay5O4II+PXYtDkBMlh88r4GVt
j6+9fjcpuG2S9lG3t7/O4oU99vaCRfDqFgwMZE62J8N3l9Fs+Z6zngr+rGu2m4xr
kx6Ox5QWsuNVWLGULs6gy7ZI7845dc3HppZEBG+jjN8rhPTtwRWaAgwftsDYIRUW
ZuUMLWyoTjinvqeAJE6PRhzmYXNfZ4ghMe82+QnF5ssMdJQP/S89EFyJGok7e0Ei
Ie8qNpOtkm+TByyc161pEYyP3v3oMoMMZMi7znVEg2cR8tupeu7SeX8EvczEtxkI
4p5wQcZvIFq0ugIaTJ0tHqru5Iw60xCYmitNyd+91PEiO7hT6/5DShXJ90XLt9E5
ozYURyrOsu5JmAsE7P34vGHQpqAXzU4DJQ3Y8136T798t3o4qUU5zMPV3T7StC5z
R8yU9YOFetQwToSoEfzulELaYES+GT8jHjf/5q1JFzFBZWQvd8lqBvf/rm7yF3Tm
qUheoN1jfmydELo6uwea
=sfNe
-----END PGP SIGNATURE-----