CVE-2014-9636

EPSS 58.4%

unzip - security update

Published: 2/6/2015Modified: 12/3/2025

Also known as:ALPINE-CVE-2014-9636DEBIAN-CVE-2014-9636

Description

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Affected packages (3)

Alpine/unzipfrom 0, < 6.0-r3
Debian/unzipfrom 0, < 6.0-15
Debian/unzipfrom 0, < 6.0-8+deb7u2

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2014-9636
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9636