MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
pyminizip uses version 1.2.11 of zlib's code.
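The bug class described above, as an added example: a simplified model of the header-size arithmetic and a caller-side length guard, not MiniZip's or pyminizip's own code. All function names are hypothetical; the 16-bit limit reflects how the ZIP format stores filename, extra-field and comment lengths, and 46 is the fixed size of a central directory header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP_FIELD_MAX 0xFFFFu   /* ZIP headers store these lengths in 16 bits */
#define CENTRAL_HDR_FIXED 46u   /* fixed part of a central directory header */

/* Unchecked model: the 32-bit unsigned sum silently wraps on large inputs. */
uint32_t header_size_unchecked(uint32_t name, uint32_t extra, uint32_t comment)
{
    return CENTRAL_HDR_FIXED + name + extra + comment;
}

/* Checked model: refuse any length the format cannot represent.
 * Returns 0 and stores the size in *out, or -1 on rejection. */
int header_size_checked(size_t name, size_t extra, size_t comment, uint32_t *out)
{
    if (name > ZIP_FIELD_MAX || extra > ZIP_FIELD_MAX || comment > ZIP_FIELD_MAX)
        return -1;
    *out = CENTRAL_HDR_FIXED + (uint32_t)name + (uint32_t)extra + (uint32_t)comment;
    return 0;
}

/* Hypothetical caller-side guard to run on untrusted entry metadata before
 * it is handed to the archive writer. Returns 1 if all fields are in range. */
int zip_entry_fields_ok(const char *filename, const char *comment,
                        size_t extra_local, size_t extra_global)
{
    if (filename == NULL || strlen(filename) > ZIP_FIELD_MAX)
        return 0;
    if (comment != NULL && strlen(comment) > ZIP_FIELD_MAX)
        return 0;
    return extra_local <= ZIP_FIELD_MAX && extra_global <= ZIP_FIELD_MAX;
}

int main(void)
{
    uint32_t sz = 0;
    /* Constructed lengths: far beyond what a 16-bit field can hold. */
    printf("unchecked: %u\n", (unsigned)header_size_unchecked(0xFFFFFFF0u, 0, 0));
    printf("checked:   %d\n", header_size_checked(0xFFFFFFF0u, 0, 0, &sz));
    printf("guard:     %d\n", zip_entry_fields_ok("report.txt", NULL, 0, 0x10000));
    return 0;
}
```

In the unchecked model the computed size wraps to a small value while the real field data stays large, which is the mismatch that turns an integer overflow into an undersized heap buffer.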
{ "nvd_published_at": "2023-10-14T02:15:09Z", "cwe_ids": [ "CWE-190" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-12-18T19:33:06Z" }