libzip security update
empty zip archives could crash programs using libzip
(CVE-2011-0421).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4188
Fixed bugs
bnc#681193
VUL-0: libzip NULL deref
CVE#CVE-2011-0421
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference)
