pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Critical severity. GitHub Reviewed. Published Oct 14, 2023 to the GitHub Advisory Database. Updated Jan 24, 2024.
Published by the National Vulnerability Database: Oct 14, 2023
Published to the GitHub Advisory Database: Oct 14, 2023
Reviewed: Dec 18, 2023
Last updated: Jan 24, 2024
Description
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
pyminizip uses the MiniZip code from zlib version 1.2.11 and is therefore affected.
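The overflow described above is reached through oversized filename, comment or extra-field lengths, which the ZIP header format itself stores as unsigned 16-bit values. The following added example (not code from pyminizip or zlib) is a pre-check a caller can apply before handing entries to a MiniZip-based writer; the `writer` callable is an assumed stand-in for whatever pyminizip function the application uses, and UTF-8 is assumed for counting encoded filename and comment bytes.

```python
"""Defensive length check for zip entry metadata (added example, not
project code). Each of filename, extra field and comment is capped at the
16-bit limit the ZIP header allows; with every field bounded this way the
summed header sizes MiniZip computes can no longer wrap around."""
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

ZIP_FIELD_MAX = 0xFFFF  # ZIP local/central headers use 16-bit length fields


@dataclass
class ZipEntryCheck:
    ok: bool
    reason: str


def check_zip_entry_fields(filename: str, extra: bytes = b"",
                           comment: str = "") -> ZipEntryCheck:
    """Return ok=False with a reason if any field exceeds 16 bits."""
    fields = (
        ("filename", filename.encode("utf-8")),  # assumed UTF-8 encoding
        ("extra field", extra),
        ("comment", comment.encode("utf-8")),
    )
    for label, value in fields:
        if len(value) > ZIP_FIELD_MAX:
            return ZipEntryCheck(
                False,
                f"{label} is {len(value)} bytes, exceeds {ZIP_FIELD_MAX}",
            )
    return ZipEntryCheck(True, "")


def guarded_write(files: Iterable[str],
                  writer: Optional[Callable[[list], object]] = None):
    """Validate every entry name, then pass the list to the writer.

    `writer` is a hypothetical stand-in for the application's own call into
    a MiniZip-based library; it is only invoked once all names pass."""
    validated = []
    for path in files:
        result = check_zip_entry_fields(path)
        if not result.ok:
            raise ValueError(f"refusing {path[:40]!r}...: {result.reason}")
        validated.append(path)
    return writer(validated) if writer is not None else validated
```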