unzip_project CVE Vulnerabilities & Metrics

Focus on unzip_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About unzip_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with unzip_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total unzip_project CVEs: 15
Earliest CVE date: 06 Feb 2015, 15:59 UTC
Latest CVE date: 27 Dec 2022, 22:15 UTC

Latest CVE reference: CVE-2020-36561

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 4.17

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range       Count
0.0-3.9     5
4.0-6.9     10
7.0-8.9     0
9.0-10.0    0

Top 5 Highest CVSS unzip_project CVEs

These are the five CVEs with the highest CVSS scores for unzip_project, sorted first by severity and then by recency.

All CVEs for unzip_project

CVE-2020-36561 unzip_project vulnerability CVSS: 0 27 Dec 2022, 22:15 UTC

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

CVE-2021-4217 unzip_project vulnerability CVSS: 0 24 Aug 2022, 16:15 UTC

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-0530 unzip_project vulnerability CVSS: 4.3 09 Feb 2022, 23:15 UTC

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-0529 unzip_project vulnerability CVSS: 4.3 09 Feb 2022, 23:15 UTC

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2014-8141 unzip_project vulnerability CVSS: 6.8 31 Jan 2020, 23:15 UTC

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-8140 unzip_project vulnerability CVSS: 6.8 31 Jan 2020, 22:15 UTC

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2014-8139 unzip_project vulnerability CVSS: 6.8 31 Jan 2020, 22:15 UTC

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVE-2019-13232 unzip_project vulnerability CVSS: 2.1 04 Jul 2019, 13:15 UTC

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

CVE-2018-18384 unzip_project vulnerability CVSS: 4.3 16 Oct 2018, 16:50 UTC

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

CVE-2018-1000035 unzip_project vulnerability CVSS: 6.8 09 Feb 2018, 23:29 UTC

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

CVE-2016-9844 unzip_project vulnerability CVSS: 2.1 18 Jan 2017, 17:59 UTC

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.

CVE-2014-9913 unzip_project vulnerability CVSS: 2.1 18 Jan 2017, 17:59 UTC

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.

CVE-2015-7697 unzip_project vulnerability CVSS: 4.3 06 Nov 2015, 18:59 UTC

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

CVE-2015-7696 unzip_project vulnerability CVSS: 6.8 06 Nov 2015, 18:59 UTC

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.

CVE-2014-9636 unzip_project vulnerability CVSS: 5.0 06 Feb 2015, 15:59 UTC

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.