簡(jiǎn)介
An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4
嚴(yán)重級(jí)別
High
主題
An update for zziplib is now available for
openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of
high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a
detailed severity rating, is available for each vulnerability from the
CVElink(s) in the References section.
描述
The zziplib is a lightweight library to easily extract data from zip
files. Applications can bundle files into a single zip archive and access them.
The implementation is based only on the (free) subset of compression with the
zlib algorithm which is actually used by the zip/unzip tools.
Security Fix(es):
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows
attackers to cause a denial of service via the __zzip_fetch_disk_trailer()
function at /zzip/zip.c.(CVE-2024-39134)
影響組件
Zziplib
CVE
CVE-2024-39134
參考鏈接
https://nvd.nist.gov/vuln/detail/CVE-2024-39134
后續(xù)改善計(jì)劃
寶德計(jì)算機(jī)會(huì)持續(xù)跟進(jìn)該漏洞的最新動(dòng)態(tài),請(qǐng)關(guān)注寶德計(jì)算機(jī)官網(wǎng)、官微公告有任何關(guān)于此漏洞修復(fù)的問題,可以通過以下方式聯(lián)系我們:
寶德計(jì)算機(jī)售后咨詢熱線:4008-870-872
寶德PSIRT郵箱:psirt@powerleadercom.cn
寶德計(jì)算機(jī)官網(wǎng):http://www.powerleadercom.cn
寶德服務(wù)器
寶德自強(qiáng)
4008-870-872
點(diǎn)擊咨詢
