龙8-long8

简介

An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4

严重级别

High

主题

An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4.

openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

描述

The zziplib is a lightweight library to easily extract data from zip files. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools.

Security Fix(es):

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.(CVE-2024-39134)

影响组件

Zziplib

CVE

CVE-2024-39134

参考链接

https://nvd.nist.gov/vuln/detail/CVE-2024-39134

后续改善计划

龙8-long8计算机会持续跟进该漏洞的最新动态，请关注龙8-long8计算机官网、官微公告有任何关于此漏洞修复的问题，可以通过以下方式联系我们:

龙8-long8计算机售后咨询热线:4008-870-872

龙8-long8PSIRT邮箱:psirt@powerleadercom.cn

龙8-long8计算机官网:https://www.powerleadercom.cn