CVE-2015-1315 Information

Description

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string as demonstrated by converting a string from CP866 to UTF-8.

Reference

http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt http://www.openwall.com/lists/oss-security/2015/02/17/4 http://www.ubuntu.com/usn/USN-2502-1 https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120