Heap-based buffer overflow was found in charset_to_intern() function which can be used to write null-bytes out-of-bound when converting attacker-controlled strings to the local charset.
Acknowledgments: Name: R. Freingruber (SEC Consult Vulnerability Lab)
Statement: This issue did not affect the versions of unzip as shipped with Red Hat Enterprise Linux 5, 6, and 7, as they did not include the function charset_to_intern, or the code is different and does not contain the vulnerable part.
External References: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
Created unzip tracking bugs for this issue: Affects: fedora-all [bug 1543337]