CVE-2014-8139 in Unzipproject and Red Hat Products
Published on January 31, 2020

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

NVD

Products Associated with CVE-2014-8139

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2014-8139 are published in these products:

Unzipproject Unzip

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Eus

Red Hat Enterprise Linux Server Tus

Affected Versions

Info-ZIP UnZip Version 6.0 and earlier is affected by CVE-2014-8139

Exploit Probability

EPSS

8.07%

Percentile

91.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-8139 in Unzipproject and Red Hat ProductsPublished on January 31, 2020

Products Associated with CVE-2014-8139

Affected Versions

Exploit Probability

CVE-2014-8139 in Unzipproject and Red Hat Products
Published on January 31, 2020