CVE-2023-46228 Information

Description

zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c lib/comp/zstd/zstd.c lib/dl/multipart.c or lib/header.c.

Reference

https://bugzilla.suse.com/show_bug.cgi?id=1216268 https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe https://github.com/zchunk/zchunk/compare/1.3.1…1.3.2