Hello. I received this today from the Debian bug system. I'm forwarding it to the current maintainer, and also to Mark Adler, who maintains a fork on GitHub.
[ Please keep the 979...@bugs.debian.org address when replying ]

Thanks.

----- Forwarded message from Sirus Sh <sirus.shah...@gmail.com> -----

Date: Mon, 11 Jan 2021 16:46:43 -0700
From: Sirus Sh <sirus.shah...@gmail.com>
To: sub...@bugs.debian.org
Subject: Bug#979857: Memory corruption and hang in unzip

Package: unzip
Version: 6.0-25

During the development and evaluation of our fuzzer, we found multiple bugs in the latest version of unzip. I have attached three inputs (in a tar file) that can crash unzip because of these issues:

1- Out-of-bounds read in crc32.c
2- Integer overflow in fileio.c
3- Invalid pointer dereference in process.c
4- Program hangs in extract.c (BZ2_bzDecompress in bzlib.c doesn't return properly).

The first crashing input (crash000_opt_a_SIGSEGV) needs the "-a" argument to crash the program.

If you can get any CVE number to assign to these bugs, please let me know so that we can mention the numbers in our paper. Also, if you have any questions or need to discuss these further, feel free to send me a message.

--
Best Regards
Sirus Shahini

----- End forwarded message -----
Attachment: zharf_crashes.tgz (application/gtar-compressed)