CVE-2008-0888

Summary

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Affected Software

VendorProductVersion RangeStatus
info-zipunzip0 < 6.0affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

References