zlib module for .zsav files has security issues
Issue #61
new
"zlib is vulnerable to a denial of service, caused by a big-endian out-of-bounds pointer. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service." Source: IBM Security Bulletin, June 2017.
One solution would be to disable .zsav by default, and perhaps only enable it by setting an environment variable SAVRW_ZSAV_OK. Another solution would be to upgrade the I/O modules, but this is problematic because later versions also support encrypted files, which have their own .dll/.so files. Loading them easily in a cross-platform way is not so easy.
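A sketch of the first option (zlib-compressed files refused unless SAVRW_ZSAV_OK is set), added here as an example and not taken from the project's code. The function names and the accepted opt-in values are assumptions; the `$FL3` header check relies on that being the record type of zlib-compressed system files, so a .zsav renamed to .sav is still caught before it reaches the I/O module.

```python
import os

ZSAV_ENV_VAR = "SAVRW_ZSAV_OK"          # variable name proposed in the issue
ZLIB_MAGIC = b"$FL3"                    # header of zlib-compressed system files
_TRUTHY = {"1", "true", "yes", "on"}    # assumption: values that count as opt-in


class ZsavDisabledError(RuntimeError):
    """Raised when a zlib-compressed file is used without explicit opt-in."""


def zsav_enabled(environ=None):
    """Return True only if the opt-in variable is set to a truthy value."""
    environ = os.environ if environ is None else environ
    return environ.get(ZSAV_ENV_VAR, "").strip().lower() in _TRUTHY


def is_zlib_compressed(path):
    """True if the name ends in .zsav or the file header says zlib."""
    if os.fsdecode(path).lower().endswith(".zsav"):
        return True
    try:
        with open(path, "rb") as handle:
            # The extension is attacker-controlled, so check the header too.
            return handle.read(4) == ZLIB_MAGIC
    except FileNotFoundError:
        # File is about to be created; only the name can be checked.
        return False


def check_zsav_allowed(path, environ=None):
    """Hypothetical gate to call before handing `path` to the I/O module."""
    if is_zlib_compressed(path) and not zsav_enabled(environ):
        raise ZsavDisabledError(
            "%r is zlib-compressed; set %s=1 to enable .zsav support"
            % (os.fsdecode(path), ZSAV_ENV_VAR)
        )
    return path
```

Calling the gate in both the reader and the writer keeps the zlib code path unreachable by default, whatever the file is named.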