VDB

ALPINE-CVE-2014-8141

ALPINE-CVE-2014-8141 PUBLISHED CVSS 7.800000190734863 HIGH

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.9unzip6.0-r2, 0, 6.0-r0
Alpine:v3.23unzip6.0-r2, 6.0-r0, 6.0-r1
Alpine:v3.16unzip6.0-r2, 0, 6.0-r1
Alpine:v3.10unzip0, 6.0-r0, 6.0-r1
Alpine:v3.18unzip6.0-r0, 6.0-r0, 6.0-r1
Alpine:v3.5unzip0, 6.0-r2, 6.0-r1
Alpine:v3.13unzip6.0-r0, 6.0-r2, 6.0-r1
Alpine:v3.21unzip6.0-r1, 6.0-r2, 0
Alpine:v3.7unzip6.0-r2, 6.0-r2, 0
Alpine:v3.22unzip0, 6.0-r0, 6.0-r1
Alpine:v3.14unzip6.0-r2, 0, 6.0-r0
Alpine:v3.12unzip6.0-r1, 0, 6.0-r0
Alpine:v3.20unzip6.0-r2, 0, 6.0-r0
Alpine:v3.15unzip6.0-r2, 6.0-r0, 6.0-r1
Alpine:v3.11unzip6.0-r0, 0, 6.0-r2
Alpine:v3.6unzip6.0-r2, 0, 6.0-r0
Alpine:v3.17unzip6.0-r2, 6.0-r1, 6.0-r0
Alpine:v3.8unzip6.0-r2, 6.0-r0, 6.0-r2
Alpine:v3.19unzip6.0-r1, 0, 6.0-r1

Timeline

  • Jan 31, 2020 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›