Arch Linux Security Advisory ASA-201503-9
========================================
Severity: High
Date    : 2015-03-15
CVE-ID  : CVE-2014-9636
Package : unzip
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package unzip before version 6.0-10 is vulnerable to a heap buffer
overflow leading to denial of service or possibly arbitrary code execution.

Resolution
==========
Upgrade to 6.0-10.

# pacman -Syu "unzip>=6.0-10"

The problems have not been fixed upstream, but patches were added to the package.

Workaround
==========
None.

Description
===========
A buffer overflow (out-of-bounds read or write) in test_compr_eb() in
extract.c was found in the way unzip handled an extra field with an
uncompressed size smaller than the compressed field size in a zip
archive that advertises STORED method compression. A specially crafted
Zip archive could cause unzip to crash or, possibly, execute arbitrary code.
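As an added illustration (not part of this advisory or of the Info-ZIP code base), the following Python checker walks a zip file's local file headers and flags the inconsistency described above. It assumes Info-ZIP's layout for a compressed extra-field block such as EF_OS2 (0x0009): a 4-byte uncompressed size, a 2-byte method, a 4-byte CRC, then the stored bytes; the helper names and the two sample archives are constructed for the example.

```python
import struct
# Header layout per PKWARE APPNOTE; STORED == 0 as in Info-ZIP extract.c.
# Assumed compressed extra-block layout (Info-ZIP convention, e.g. EF_OS2):
#   ucsize (4 LE) | method (2 LE) | crc32 (4 LE) | compressed bytes
LOCAL_SIG = b"PK\x03\x04"
STORED = 0
COMPRESSED_EXTRA_IDS = {0x0009}   # assumption: EF_OS2 only; unzip knows more
EB_HEADSIZE, EB_CMPRHEADLEN = 4, 10   # id+size header; ucsize+method+crc

def check_extra(extra: bytes) -> list:
    """Flag compressed extra blocks whose STORED payload exceeds ucsize."""
    findings, pos = [], 0
    while pos + EB_HEADSIZE <= len(extra):
        eb_id, eb_size = struct.unpack_from("<HH", extra, pos)
        payload = extra[pos + EB_HEADSIZE:pos + EB_HEADSIZE + eb_size]
        if eb_id in COMPRESSED_EXTRA_IDS:
            if len(payload) < EB_CMPRHEADLEN:
                findings.append((eb_id, "truncated compressed extra field"))
            else:
                ucsize, method = struct.unpack_from("<IH", payload, 0)
                data_len = len(payload) - EB_CMPRHEADLEN
                if method == STORED and ucsize < data_len:
                    findings.append((eb_id, f"STORED ucsize {ucsize} < data {data_len}"))
        pos += EB_HEADSIZE + eb_size
    return findings

def scan_zip(blob: bytes) -> list:
    """Walk every local file header in a zip blob and check its extra field."""
    findings, pos = [], 0
    while (pos := blob.find(LOCAL_SIG, pos)) >= 0:
        f = struct.unpack_from("<4sHHHHHIIIHH", blob, pos)  # 30-byte header
        csize, name_len, extra_len = f[7], f[9], f[10]
        extra_start = pos + 30 + name_len
        findings += check_extra(blob[extra_start:extra_start + extra_len])
        pos = extra_start + extra_len + csize   # skip the entry's file data
    return findings

def local_entry(name: bytes, data: bytes, extra: bytes) -> bytes:
    """Build one STORED local file header plus data (constructed input)."""
    hdr = struct.pack("<4sHHHHHIIIHH", LOCAL_SIG, 20, 0, STORED, 0, 0,
                      0, len(data), len(data), len(name), len(extra))
    return hdr + name + extra + data

def os2_extra(ucsize: int, payload: bytes) -> bytes:
    """Construct an EF_OS2-style block advertising STORED and `ucsize`."""
    body = struct.pack("<IHI", ucsize, STORED, 0) + payload
    return struct.pack("<HH", 0x0009, len(body)) + body

GOOD_ZIP = local_entry(b"a.txt", b"hello", os2_extra(8, b"A" * 8))  # consistent
BAD_ZIP = local_entry(b"b.txt", b"hello", os2_extra(1, b"A" * 8))   # ucsize < data
```

Running `scan_zip` over an archive before handing it to an unpatched unzip reports each offending extra block with its advertised and actual sizes.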

Impact
======
An attacker is able to execute arbitrary code or cause a denial of
service through a specially crafted zip file.

References
==========
;t=450
https://access.redhat.com/security/cve/CVE-2014-9636
https://bugs.archlinux.org/task/44171
