An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which could lead to a denial of service attack.
Created zziplib tracking bugs for this issue:
Affects: fedora-all [bug 1626201]
Appears to have a very low impact. Easy to reproduce.
Untested, unclear if these completely fix the issue as the dev has not closed the upstream issue yet.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2196 https://access.redhat.com/errata/RHSA-2019:2196
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):