zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.
The product does not handle or incorrectly handles an exceptional condition.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zip4j | Zip4j_project | * | 2.10.0 (excluding) |
Zip4j | Ubuntu | impish | * |
Zip4j | Ubuntu | kinetic | * |
Zip4j | Ubuntu | lunar | * |
Zip4j | Ubuntu | mantic | * |
Zip4j | Ubuntu | trusty | * |
Zip4j | Ubuntu | xenial | * |