vulnerability

Ubuntu: (CVE-2017-1000472): poco vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:N/I:P/A:P)	Jan 3, 2018	Nov 19, 2024	Aug 19, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Published

Jan 3, 2018

Added

Nov 19, 2024

Modified

Aug 19, 2025

Description

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".

Solution

ubuntu-upgrade-poco

References

CVE-2017-100047
https://attackerkb.com/topics/CVE-2017-100047
CWE-22
DEBIAN-DSA-4083
URL-https://github.com/pocoproject/poco/issues/1968
URL-https://www.cve.org/CVERecord?id=CVE-2017-1000472

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today