Out-of-bounds Write The advisory has been revoked - it doesn't affect any version of package zziplib  (opens in a new tab)


Threat Intelligence

EPSS
2.03% (79th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Out-of-bounds Write vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CONAN-ZZIPLIB-10078593
  • published8 May 2025
  • disclosed1 Mar 2017
  • creditUnknown

Introduced: 1 Mar 2017

CVE-2017-5976  (opens in a new tab)
CWE-787  (opens in a new tab)

Amendment

This was deemed not a vulnerability.

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.

References