FreeBSD: VID-7764b219-8148-11e8-aa4d-000e0cd7b374 (CVE-2017-5975): zziplib - multiple vulnerabilities

NIST reports (by search in the range 2017/01/01 - 2018/07/06): 17 security fixes in this release: Heap-based buffer overflow in the __zzip_get32 function in fetch.c. Heap-based buffer overflow in the __zzip_get64 function in fetch.c. Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c. The zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. The prescan_entry function in fseeko.c allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted ZIP file. The zzip_mem_entry_new function in memdisk.c cause a NULL pointer dereference and crash via a crafted ZIP file. seeko.c cause a denial of service (assertion failure and crash) via a crafted ZIP file. A segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data. A memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. A bus error caused by loading of a misaligned address in the zzip_disk_findfirst function. An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. A memory leak triggered in the function zzip_mem_disk_new in memdisk.c.