ZZIPlib through version 0.13.68 does not correctly validate input values used in zip.c:__zzip_parse_root_directory() as parameters to mmap. Remote attackers could leverage this vulnerability to cause a Denial of Service via a crafted zip file.

Upstream Issue:
https://github.com/gdraheim/zziplib/issues/41
https://github.com/gdraheim/zziplib/issues/27

Upstream patches:
https://github.com/gdraheim/zziplib/commit/8f48323c181e20b7e527b8be7229d6eb1148ec5f
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
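An added example, not the upstream zziplib patch and not code from this report: one way to bounds-check an untrusted directory offset and size against the real file size before deriving mmap arguments from them. The struct, function name and sample values are hypothetical, and the fields are assumed to be already parsed from the archive into 64-bit integers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not zziplib's API): mmap arguments derived from
 * untrusted offset/size fields read out of a zip file. */
struct map_args {
    uint64_t map_offset;  /* page-aligned file offset to pass to mmap */
    size_t   map_length;  /* number of bytes to map */
    size_t   skew;        /* where the directory starts inside the mapping */
};

/* Returns 0 and fills *out only when [dir_off, dir_off + dir_size) lies
 * entirely inside a file of file_size bytes; returns -1 otherwise. */
int checked_map_args(uint64_t file_size, uint64_t dir_off, uint64_t dir_size,
                     uint64_t page_size, struct map_args *out)
{
    if (page_size == 0 || (page_size & (page_size - 1)) != 0)
        return -1;                        /* alignment mask needs a power of two */
    if (dir_size == 0 || dir_off > file_size)
        return -1;                        /* empty mapping or offset past EOF */
    if (dir_size > file_size - dir_off)   /* subtraction form cannot wrap */
        return -1;
    uint64_t aligned = dir_off & ~(page_size - 1);
    uint64_t skew = dir_off - aligned;
    uint64_t length = skew + dir_size;    /* <= file_size, so no overflow */
    if ((uint64_t)(size_t)length != length)
        return -1;                        /* does not fit in size_t (32-bit hosts) */
    out->map_offset = aligned;
    out->map_length = (size_t)length;
    out->skew = (size_t)skew;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real archive. */
    struct map_args a;
    if (checked_map_args(10000, 8200, 1000, 4096, &a) == 0)
        printf("map offset=%llu length=%zu skew=%zu\n",
               (unsigned long long)a.map_offset, a.map_length, a.skew);
    if (checked_map_args(10000, 0xFFFFFFFFFFFFFF00ULL, 0x200, 4096, &a) != 0)
        printf("rejected: offset + size would wrap past end of file\n");
    return 0;
}
```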
Created zziplib tracking bugs for this issue:

Affects: fedora-all [bug 1554673]
*** Bug 1545813 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2018:3229 https://access.redhat.com/errata/RHSA-2018:3229