CVE-2023-45853: overflows in MiniZip in zlib through 1.3
Open Source Security
Posted by Alan Coopersmith on Oct 20
CVE-2023-45853 was published last week for:
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based
buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or
extra field. NOTE: MiniZip is not a supported part of the zlib product.
where "long" means "longer than can be stored in the 16-bit length value used
for the length of these fields".
minizip is part of the contrib…
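
The 16-bit limit described in the post, as an added example that is not part of the original post and is not zlib or minizip code: it shows how a length above 65535 wraps when recorded in a 16-bit field, and a caller-side guard that rejects such fields before an entry is opened. The function names, parameter names and the treatment of NULL as an absent field are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest length a 16-bit zip header field can record. */
#define ZIP_FIELD_MAX 0xFFFFu

/* Value a 16-bit field would record for n bytes (wraps modulo 65536). */
static uint16_t stored_len16(size_t n)
{
    return (uint16_t)n;
}

/* Hypothetical caller-side guard, not a minizip function. Returns 1 only if
 * the filename, comment and both extra-field sizes fit in 16 bits.
 * Assumption: a NULL string means the field is absent (length 0). */
static int zip_entry_lengths_fit(const char *filename, const char *comment,
                                 size_t extra_local_len, size_t extra_global_len)
{
    if (filename != NULL && strlen(filename) > ZIP_FIELD_MAX) return 0;
    if (comment != NULL && strlen(comment) > ZIP_FIELD_MAX) return 0;
    if (extra_local_len > ZIP_FIELD_MAX) return 0;
    if (extra_global_len > ZIP_FIELD_MAX) return 0;
    return 1;
}

/* Builds a constructed filename of n bytes and runs the guard on it.
 * Returns the guard's verdict, or -1 if allocation fails. */
static int check_filename_of_length(size_t n)
{
    char *name = malloc(n + 1);
    int ok;
    if (name == NULL) return -1;
    memset(name, 'a', n);
    name[n] = '\0';
    ok = zip_entry_lengths_fit(name, NULL, 0, 0);
    free(name);
    return ok;
}

int main(void)
{
    printf("a 65540-byte name is recorded as %u bytes\n",
           (unsigned)stored_len16(65540));
    printf("65535 bytes fits: %d, 65536 bytes fits: %d\n",
           check_filename_of_length(65535), check_filename_of_length(65536));
    return 0;
}
```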