CVE-2012-1163 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-1163 PUBLISHED CVSS 6.800000190734863 MEDIUM

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

EPSS 1.38% · 80.2th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

1.38%

80.2th percentile

Affected Products

Vendor	Product	Versions
nih	libzip	0.10
n/a	n/a	n/a

Timeline

Jul 12, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

[libzip-discuss] 20120320 libzip-0.10.1 security fix release mailing-list
[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip mailing-list
MDVSA-2012:034 vendor-advisory
http://www.nih.at/libzip/NEWS.html url
[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip mailing-list
GLSA-201203-23 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2012-1163 advisory

Open in Interactive Console →