The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

| Software | From | Fixed in |
|---|---|---|
| canonical / ubuntu_linux | 7.04 | 7.04.x |
| canonical / ubuntu_linux | 7.10 | 7.10.x |
| canonical / ubuntu_linux | 6.10 | 6.10.x |
| canonical / ubuntu_linux | 6.06 | 6.06.x |
| apple / mac_os_x | - | 10.6.3 |
| debian / debian_linux | 4.0 | 4.0.x |
| unzip_project / unzip | - | 6.0 |