EPSS
Percentile
70.4%
zziplib is vulnerable to denial of service (DoS) attacks. Attackers are able to cause invalid memory reads and crashes through a ZIP file when it is processed in the zzip_mem_entry_extra_block function in memdisk.c.
blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
github.com/asarubbo/poc/blob/master/00153-zziplib-invalidread-zzip_mem_entry_extra_block
www.openwall.com/lists/oss-security/2017/02/14/3