vulnerability

Ubuntu: (CVE-2017-1000472): poco vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Published

Jan 3, 2018

Added

Nov 19, 2024

Modified

Apr 16, 2026

Description

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".

Solution

ubuntu-upgrade-poco

References

CVE-2017-100047
https://attackerkb.com/topics/CVE-2017-100047
CWE-22
DEBIAN-DSA-4083
EUVD-EUVD-2017-1597
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-1597
https://github.com/pocoproject/poco/issues/1968
https://www.cve.org/CVERecord?id=CVE-2017-1000472

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report