Security

Security Contact

If you find a security problem in libzip, contact us at info@libzip.org.

Security Advisories Affecting libzip

CVE-2017-14107

EOCD64 parsing problem.

Fixed in libzip 1.3.0.

CVE-2017-12858

Double free().

Fixed in libzip 1.3.0.

CVE-2015-2331

Fixed in libzip 1.0.

CVE-2012-1163

Fixed in libzip 0.10.1.

CVE-2012-1162

Fixed in libzip 0.10.1.

CVE-2011-0421

No security implications.

Fixed in libzip 0.10.

Security Reviews by Third Parties

We regularly run Coverity checks and fix reported issues.

In late 2023, a source code review and additional fuzzing were sponsored by OSTIF and done by Leviathan Security Group with our support.

Both OSTIF and Leviathan Security Group gave us permission to publish the results.