← back
CVE-2008-0888

CVE-2008-0888

EPSS 6.3%
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Affected products
info-zip · unzip

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlhttp://secunia.com/advisories/29392http://secunia.com/advisories/29406http://secunia.com/advisories/29415http://secunia.com/advisories/29427http://secunia.com/advisories/29432http://secunia.com/advisories/29440http://secunia.com/advisories/29495http://secunia.com/advisories/29681http://secunia.com/advisories/30535http://secunia.com/advisories/31204