A null pointer dereference was found in unzip. The bug appears to be located in the code responsible for handling Unicode strings. This allows an attacker to perform a denial of service and possibly opens up other attack vectors.
Created unzip tracking bugs for this issue:
Affects: fedora-all [bug 2046940]
The unzip command is not used to provide any of our services. The services that work with zip archives utilize libraries that are specific to their language. AFAIK this tool does not provide a widely used library.