CVE-2007-1614
zziplib - arbitrary code execution
EPSS 6.2%
Description
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.
How to fix CVE-2007-1614
To remediate CVE-2007-1614, upgrade the affected package to one of the fixed versions listed below.
- Debian/zziplib—upgrade to 0.13.49-0 or later
- Debian/zziplib—upgrade to 0.12.83-8lenny1 or later
Is CVE-2007-1614 being exploited?
Moderate: EPSS is 6.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/zziplib: from 0, < 0.13.49-0
- Debian/zziplib: from 0, < 0.12.83-8lenny1