簡介
An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4
嚴重級別
High
主題
An update for zziplib is now available for
openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of
high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a
detailed severity rating, is available for each vulnerability from the
CVElink(s) in the References section.
描述
The zziplib is a lightweight library to easily extract data from zip
files. Applications can bundle files into a single zip archive and access them.
The implementation is based only on the (free) subset of compression with the
zlib algorithm which is actually used by the zip/unzip tools.
Security Fix(es):
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows
attackers to cause a denial of service via the __zzip_fetch_disk_trailer()
function at /zzip/zip.c.(CVE-2024-39134)
影響組件
Zziplib
CVE
CVE-2024-39134
參考鏈接
https://nvd.nist.gov/vuln/detail/CVE-2024-39134
后續(xù)改善計劃
寶德計算機會持續(xù)跟進該漏洞的最新動態(tài),請關(guān)注寶德計算機官網(wǎng)、官微公告有任何關(guān)于此漏洞修復(fù)的問題,可以通過以下方式聯(lián)系我們:
寶德計算機售后咨詢熱線:4008-870-872
寶德PSIRT郵箱:psirt@powerleadercom.cn
寶德計算機官網(wǎng):http://www.powerleadercom.cn
寶德服務(wù)器
寶德自強
4008-870-872
點擊咨詢
