BID:23013

ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability

Info

ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability

Bugtraq ID:	23013
Class:	Boundary Condition Error
CVE:	CVE-2007-1614
Remote:	Yes
Local:	No
Published:	Mar 08 2007 12:00AM
Updated:	Jul 05 2007 11:27PM
Credit:	dmcox dmcox is credited with the discovery of this vulnerability.
Vulnerable:	ZZIPlib ZZIPlib 0.13.48 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux

Not Vulnerable:	ZZIPlib ZZIPlib 0.13.49

Discussion

ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability

ZZIPlib is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of applicaitons using the library. Failed exploit attempts will likely result in a denial-of-service condition.

Versions prior to 0.13.49 are vulnerable.

Exploit / POC

ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to open a malicious zip file.

Solution / Fix

ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability

Solution:
The vendor has released version 0.13.49 to address this issue. Please see the references for more information.

References

ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability

References:

Changelog (ZZIPlib)
Vendor Homepage (ZZIPlib)