CVE-2023-45853

pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency

Description

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.

pyminizip uses version 1.2.11 of zlib's code.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

APK

Publish Date

October 13, 2023

Modified Date

February 21, 2024

Score Vector

Affected Versions