Heap-based out-of-bounds access in extract.c:ef_scan_for_stream() function due to missing length check when accessing data was found.
Name: R. Freingruber (SEC Consult Vulnerability Lab)
This issue did not affect the versions of unzip as shipped with Red Hat Enterprise Linux 5, 6, and 7, as they did not include support for ef_scan_for_stream function.
Created unzip tracking bugs for this issue:
Affects: fedora-all [bug 1543337]