info-zip 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー and vendor risk memory corruption があり、アーカイブ処理、ファイル処理, and 自動展開 の利用場面で vendor impact memory corruption and アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-5659 | Wiz 5.0.3 has a user mode write access violation | [email protected] | 7.5 | 1.25% | 2020-01-27 | 2026-06-16 |
| CVE-2018-1000034 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 1.44% | 2018-02-09 | 2026-06-16 |
| CVE-2018-1000033 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 1.83% | 2018-02-09 | 2026-06-16 |
| CVE-2018-1000032 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 1.30% | 2018-02-09 | 2026-06-16 |
| CVE-2018-1000031 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 1.35% | 2018-02-09 | 2026-06-16 |
| CVE-2015-1315 | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | [email protected] | 7.5 | 4.90% | 2015-02-23 | 2026-06-16 |
| CVE-2005-4667 | Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. | [email protected] | 3.7 | 1.48% | 2005-12-31 | 2026-06-16 |
| CVE-2005-2475 | Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. | [email protected] | 1.2 | 0.40% | 2005-08-05 | 2026-06-16 |
| CVE-2005-0602 | Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | [email protected] | 6.2 | 0.40% | 2005-05-02 | 2026-06-16 |
| CVE-2004-1010 | Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. | [email protected] | 10.0 | 9.25% | 2005-03-01 | 2026-06-16 |
| CVE-2003-0282 | Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. | [email protected] | 2.6 | 22.53% | 2003-06-16 | 2026-06-16 |
| CVE-2001-1269 | Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | [email protected] | 2.1 | 0.50% | 2001-07-12 | 2026-06-16 |
| CVE-2001-1268 | Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | [email protected] | 2.1 | 0.70% | 2001-07-12 | 2026-06-16 |