Heap-based out-of-bounds write in fileio.c:set_zipfn_sgmnt_name() was found when archive filename does not contain a .zip suffix, possibly causing crash of application.
Acknowledgments: Name: R. Freingruber (SEC Consult Vulnerability Lab)
Statement: This issue did not affect the versions of unzip as shipped with Red Hat Enterprise Linux 5, 6, and 7, as they did not include support for set_zipfn_sgmnt_name function.
External References: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
Created unzip tracking bugs for this issue: Affects: fedora-all [bug 1543337]