Fix CVE-2017-5981: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981 Patch copied from Debian. Index: zziplib-0.13.62/zzip/fseeko.c =================================================================== --- zziplib-0.13.62.orig/zzip/fseeko.c +++ zziplib-0.13.62/zzip/fseeko.c @@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk) } else continue; - assert(0 <= root && root < mapsize); + if (root < 0 || root >= mapsize) + goto error; if (fseeko(disk, root, SEEK_SET) == -1) goto error; if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)