Package: unzip
Version: 6.0-25

During the development and evaluation of our fuzzer, we found multiple bugs in the last version of unzip. I have attached three inputs (in a tar file) that can crash unzip because of these issues:

1- Out-of-bounds read in crc32.c
2- Integer overflow in fileio.c
3- Invalid pointer dereference in process.c
4- Program hangs in extract.c (BZ2_bzDecompress in bzlib.c doesn't return properly).

The first crashing input (crash000_opt_a_SIGSEGV) needs the "-a" argument to crash the program.

If you can get any CVE number to assign to these bugs, please let me know so that we mention the numbers in our paper. Also, if you have any questions or need to discuss these further, feel free to send me a message.

--
Best Regards
Sirus Shahini
zharf_crashes.tgz
Description: application/gtar-compressed