Wind River Support Network


LIN6-10024 : Security Advisory - unzip - CVE-2014-8140

Created: Jun 16, 2015    Updated: Dec 3, 2018
Resolved Date: Jun 17, 2015
Previous ID: LIN5-20559
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


A correction fix is requested for :
CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)

The write error shows a problem in extract.c:test_compr_eb(), which was not expecting an uncompressed size of zero for an EF_NTSD extra block.

Proposed changes:

extract.c:test_compr_eb() gets a new validity test.

which according to:

Other Downloads

Live chat