suse · CVE-2018-6541

Quick triage

Priority: medium Published: 2021-05-30 14:10:44 UTC Updated: 2024-06-12 00:54:08 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-6541 severity moderate: SUSE including 6 source package names (libzzip-0-13, zziplib, zziplib-0.13.62-11.el7, zziplib-devel, zziplib-devel-0.13.62-11.el7, zziplib-utils-0.13.62-11.el7), 15 product×package rows across 6 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12 SP3, … (6 product lines)): Known Not Affected 12, Fixed 3.

Description:

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

cvelogic Threat Intelligence