CVE-2014-9913

MEDIUM4.0EPSS 4.6%

unzip - security update

Published: 1/18/2017Modified: 12/3/2025

Also known as:ALPINE-CVE-2014-9913DEBIAN-CVE-2014-9913

Description

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.

Affected packages (3)

Alpine/unzipfrom 0, < 6.0-r3
Debian/unzipfrom 0, < 6.0-21
Debian/unzipfrom 0, < 6.0-8+deb7u6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.0	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2014-9913
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9913