A flaw was found in ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. References: https://github.com/gdraheim/zziplib/issues/16
Created zziplib tracking bugs for this issue: Affects: fedora-all [bug 1598246]
Patch: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2196 https://access.redhat.com/errata/RHSA-2019:2196
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-6541