A flaw was found in ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Created zziplib tracking bugs for this issue:
Affects: fedora-all [bug 1598246]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2196 https://access.redhat.com/errata/RHSA-2019:2196
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):