Vulnerability Description
Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zipios Project | Zipios | < 0.1.7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/109282 (Third Party Advisory, VDB Entry)
- https://lists.debian.org/debian-lts-announce/2022/05/msg00041.html
- https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabil (Patch, Third Party Advisory)
- https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/ (Patch, Third Party Advisory)
FAQ
What is CVE-2019-13453?
CVE-2019-13453 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Z...
How severe is CVE-2019-13453?
CVE-2019-13453 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-13453?
Check the references section above for vendor advisories and patch information. Affected products include: Zipios Project Zipios.