This page lists publicly disclosed CVE vulnerabilities affecting info-zip unzip (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-1000034 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 0.40% | 2018-02-09 | 2024-11-21 |
| CVE-2018-1000033 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 0.54% | 2018-02-09 | 2024-11-21 |
| CVE-2018-1000032 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 0.51% | 2018-02-09 | 2024-11-21 |
| CVE-2018-1000031 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 0.51% | 2018-02-09 | 2024-11-21 |
| CVE-2015-1315 | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | [email protected] | 7.5 | 10.61% | 2015-02-23 | 2026-05-06 |
| CVE-2005-4667 | Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. | [email protected] | 3.7 | 3.13% | 2005-12-31 | 2026-04-16 |
| CVE-2005-2475 | Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. | [email protected] | 1.2 | 0.06% | 2005-08-05 | 2026-04-16 |
| CVE-2005-0602 | Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | [email protected] | 6.2 | 0.07% | 2005-05-02 | 2026-04-16 |
| CVE-2003-0282 | Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. | [email protected] | 2.6 | 21.13% | 2003-06-16 | 2026-04-16 |
| CVE-2001-1269 | Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | [email protected] | 2.1 | 0.26% | 2001-07-12 | 2026-04-16 |
| CVE-2001-1268 | Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | [email protected] | 2.1 | 0.70% | 2001-07-12 | 2026-04-16 |