CVE-2014-8141

Publication date 28 December 2014

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

7.8 · High

Score breakdown

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

Status

Package Ubuntu Release Status
unzip 14.10 utopic
Fixed 6.0-12ubuntu1.1
14.04 LTS trusty
Fixed 6.0-9ubuntu1.1
12.04 LTS precise
Fixed 6.0-4ubuntu2.1
10.04 LTS lucid
Fixed 6.0-1ubuntu0.1

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-2472-1
    • unzip vulnerabilities
    • 14 January 2015

Other references