A buffer overflow vulnerability was found in "unzip -l" via list_files() in list.c. This issue is caught by fortify source.

Original report from 2014:
http://seclists.org/oss-sec/2014/q4/497

CVE assignment:
http://seclists.org/oss-sec/2016/q4/601

This issue was previously reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1191136#c1

The issue was already corrected in Fedora unzip packages.

This issue is not planned to be corrected in the unzip packages in Red Hat Enterprise Linux 5, 6, and 7, as the problem is caught by FORTIFY_SOURCE, limiting impact to a crash of the unzip command.

Related upstream forums discussion: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=529