CVE-2019-13453

Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
zipios_projectzipios
𝑥
< 0.1.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zipios++
sid
0.1.5.9+cvs.2007.04.28-11
fixed
trixie
0.1.5.9+cvs.2007.04.28-11
fixed
bookworm
0.1.5.9+cvs.2007.04.28-11
fixed
bullseye
0.1.5.9+cvs.2007.04.28-11
fixed
jessie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flightcrew
disco
Fixed 0.7.2+dfsg-13ubuntu0.19.04.1
released
cosmic
Fixed 0.7.2+dfsg-12ubuntu0.1
released
bionic
Fixed 0.7.2+dfsg-10ubuntu0.1
released
xenial
Fixed 0.7.2+dfsg-6ubuntu0.1
released
trusty
dne
zipios++
disco
Fixed 0.1.5.9+cvs.2007.04.28-10ubuntu0.19.04.1
released
cosmic
Fixed 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.10.1
released
bionic
Fixed 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1
released
xenial
Fixed 0.1.5.9+cvs.2007.04.28-5.2ubuntu0.16.04.1
released
trusty
Fixed 0.1.5.9+cvs.2007.04.28-5.1ubuntu0.14.04.1~esm1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/109282
https://lists.debian.org/debian-lts-announce/2022/05/msg00041.html
https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/
https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
http://www.securityfocus.com/bid/109282
https://lists.debian.org/debian-lts-announce/2022/05/msg00041.html
https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/
https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/