VDB

GCVE-110-MAGEIA-2014-562

GCVE-110-MAGEIA-2014-562
Advisory Published
Vulnetix · Advisory published December 31, 2014
Updated unzip package fix security vulnerabilities: The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues.

Affected Products

VendorProductVersionsPlatforms
Mageiaunzip0 (affected), 6.0-7.2.mga4 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›