CVE-2020-24175 Information
Jun 07, 2022
Description
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://gist.github.com/illikainen/ced14e08e00747fef613ba619bb25bb4
https://gist.github.com/illikainen/315a420a9c28cbe882e16b8eba40b2e1
https://illikainen.dev/advisories/014-yz1-izarc
http://yz1.com
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH