zziplib is vulnerable to denial of service (DoS) attacks. Attackers can use a ZIP file to trigger a heap-based buffer overflow in the __zzip_get32 function in fetch.c.
www.debian.org/security/2017/dsa-3878
www.openwall.com/lists/oss-security/2017/02/14/3
www.securityfocus.com/bid/96268
blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
github.com/asarubbo/poc/blob/master/00150-zziplib-heapoverflow-__zzip_get32