exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2014-8140

Status Candidate

Overview

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

Related Files

Slackware Security Advisory - infozip Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384
SHA-256 | 2d88d00368cf8928d96abd2e9bbc2443f1a829890ef6abcd2773ac66b75c08a3
Gentoo Linux Security Advisory 201611-01
Posted Nov 1, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-1 - Multiple vulnerabilities have been found in UnZip allowing remote attackers to execute arbitrary code and cause Denial of Service. Versions less than 6.0_p20 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
SHA-256 | cdb47bf2241655b31eacd5f4ce1266f75ba97fdb8d48e93fd095debfe4fdc848
Apple Security Advisory 2015-06-30-2
Posted Jul 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-1741, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2015-0209, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293, CVE-2015-1157, CVE-2015-1798, CVE-2015-1799, CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673
SHA-256 | 36670a2c92a10eed9caf9afd9dd5f818e184e427c1eddb4da037e0aebc712907
Mandriva Linux Security Advisory 2015-123
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-123 - Updated unzip package fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | 29ba50a03d278e126684809bd7aa9750c907fee11e1960b53dcaa74fc369fe53
Red Hat Security Advisory 2015-0700-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
SHA-256 | bbf93d3ad2423c641ff52feaf0acea28238c5242e79a963abc3c9b57d08540ed
Ubuntu Security Notice USN-2472-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2472-1 - Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | 96af76586c7eb74cac5329190917c1ca0395474a94546844ff04517a84a4601d
Mandriva Linux Security Advisory 2015-016
Posted Jan 8, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-016 - The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification. the test_compr_eb() and the getZip64Data(). functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | 2983017324390dd5037ed1e826c1fce37b662d49dbc50811a2506c1b9ccb89e4
Debian Security Advisory 3113-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | c07d19cf6b887fa58bdf1aabe929c435954c16a8c33b34fa65ffa5b22c076cda
UnZip 6.0 Heap Buffer Overflow
Posted Dec 22, 2014
Authored by Andrea Barisani, Open Source CERT

UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | 3be56fd57959f7da1359a14b848ad60e6021fb8ff555ec02f94fcdda37fffeaf
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close