CVE-2008-0888

EPSS 19.0%

unzip - potential code execution

Published: 3/17/2008Modified: 4/28/2026

Description

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Affected packages (2)

Debian/unzipfrom 0, < 5.52-11
Debian/unzipfrom 0, < 5.52-1sarge5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-0888