Aggregates CVE and security vulnerability intelligence across all PicoZip-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include path handling, buffer overflow, and denial of service, with a potential impact of application crash in archive-handling use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-2536 | PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | [email protected] | 7.8 | 5.17% | 2007-05-09 | 2026-04-23 |
| CVE-2007-1673 | unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | [email protected] | 7.8 | 1.42% | 2007-05-09 | 2026-04-23 |
| CVE-2007-2058 | Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive. | [email protected] | 6.8 | 0.68% | 2007-04-18 | 2026-04-23 |
| CVE-2006-2909 | Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive. | [email protected] | 7.5 | 26.17% | 2006-06-16 | 2026-04-16 |