CVE-2015-1315

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.

Published: Feb 23, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1315
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	14.10	14.10.x
canonical / ubuntu_linux	14.04	14.04.x
info-zip / unzip	6.10b	6.10b.x

http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt
http://www.openwall.com/lists/oss-security/2015/02/17/4
http://www.ubuntu.com/usn/USN-2502-1
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120

Vulnerability Database

289,697

CVE-2015-1315