汇总 info-zip 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 缓冲区溢出与内存损坏,在 归档处理、文件处理与自动化解压 使用场景中可能带来 内存损坏与应用崩溃 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2013-5659 | Wiz 5.0.3 has a user mode write access violation | [email protected] | 7.5 | 1.25% | 2020-01-27 | 2026-06-16 |
| CVE-2018-1000034 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 1.44% | 2018-02-09 | 2026-06-16 |
| CVE-2018-1000033 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 1.83% | 2018-02-09 | 2026-06-16 |
| CVE-2018-1000032 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 1.30% | 2018-02-09 | 2026-06-16 |
| CVE-2018-1000031 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 1.35% | 2018-02-09 | 2026-06-16 |
| CVE-2015-1315 | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | [email protected] | 7.5 | 4.90% | 2015-02-23 | 2026-06-16 |
| CVE-2005-4667 | Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. | [email protected] | 3.7 | 1.48% | 2005-12-31 | 2026-06-16 |
| CVE-2005-2475 | Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. | [email protected] | 1.2 | 0.40% | 2005-08-05 | 2026-06-16 |
| CVE-2005-0602 | Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | [email protected] | 6.2 | 0.40% | 2005-05-02 | 2026-06-16 |
| CVE-2004-1010 | Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. | [email protected] | 10.0 | 9.25% | 2005-03-01 | 2026-06-16 |
| CVE-2003-0282 | Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. | [email protected] | 2.6 | 22.53% | 2003-06-16 | 2026-06-16 |
| CVE-2001-1269 | Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | [email protected] | 2.1 | 0.50% | 2001-07-12 | 2026-06-16 |
| CVE-2001-1268 | Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | [email protected] | 2.1 | 0.70% | 2001-07-12 | 2026-06-16 |