zziplib is vulnerable to denial of service (DoS) attacks. Attackers can trigger heap-based buffer overflow through a ZIP file in the __zzip_get64 function in fetch.c.
www.debian.org/security/2017/dsa-3878
www.openwall.com/lists/oss-security/2017/02/14/3
www.securityfocus.com/bid/96268
blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
github.com/asarubbo/poc/blob/master/00152-zziplib-heapoverflow-zzip_mem_entry_extra_block
www.openwall.com/lists/oss-security/2017/02/14/3