彙總 info-zip 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位與記憶體損壞,在 歸檔處理、檔案處理與自動化解壓 使用場景中可能帶來 記憶體損壞與應用程式崩潰 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2013-5659 | Wiz 5.0.3 has a user mode write access violation | [email protected] | 7.5 | 0.33% | 2020-01-27 | 2024-11-21 |
| CVE-2018-1000034 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 0.40% | 2018-02-09 | 2024-11-21 |
| CVE-2018-1000033 | An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. | [email protected] | 9.1 | 0.54% | 2018-02-09 | 2024-11-21 |
| CVE-2018-1000032 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 0.51% | 2018-02-09 | 2024-11-21 |
| CVE-2018-1000031 | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | [email protected] | 7.8 | 0.51% | 2018-02-09 | 2024-11-21 |
| CVE-2015-1315 | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | [email protected] | 7.5 | 10.61% | 2015-02-23 | 2026-05-06 |
| CVE-2005-4667 | Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. | [email protected] | 3.7 | 3.13% | 2005-12-31 | 2026-04-16 |
| CVE-2005-2475 | Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. | [email protected] | 1.2 | 0.06% | 2005-08-05 | 2026-04-16 |
| CVE-2005-0602 | Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | [email protected] | 6.2 | 0.07% | 2005-05-02 | 2026-04-16 |
| CVE-2004-1010 | Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. | [email protected] | 10.0 | 6.06% | 2005-03-01 | 2026-04-16 |
| CVE-2003-0282 | Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. | [email protected] | 2.6 | 21.13% | 2003-06-16 | 2026-04-16 |
| CVE-2001-1269 | Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. | [email protected] | 2.1 | 0.26% | 2001-07-12 | 2026-04-16 |
| CVE-2001-1268 | Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | [email protected] | 2.1 | 0.70% | 2001-07-12 | 2026-04-16 |