CVE-2023-48107

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 22, 2023
Updated: Dec 27, 2023
CWE ID 787

Summary

CVE-2023-48107 is a buffer overflow vulnerability affecting version 4.0.2 of minizip-ng, a compression library known as zlib-ng. An attacker can exploit this flaw by crafting a specially designed file and triggering the issue in the mz_path_has_slash function found in the mz_os.c file. Successful exploitation allows the execution of arbitrary code, posing a significant risk to systems utilizing this library. Updating to a patched version of minizip-ng is strongly recommended to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share