CVE-2015-1315

high

Description

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.

References

https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120

http://www.ubuntu.com/usn/USN-2502-1

http://www.openwall.com/lists/oss-security/2015/02/17/4

http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt

Details

Source: Mitre, NVD

Published: 2015-02-23

Updated: 2015-02-24

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H