A HexView security advisory reports:
When zip performs recursive folder compression, it does
not check for the length of resulting path. If the path is
too long, a buffer overflow occurs leading to stack
corruption and segmentation fault. It is possible to
exploit this vulnerability by embedding a shellcode in
directory or file name. While the issue is not of primary
concern for regular users, it can be critical for
environments where zip archives are re-compressed
automatically using Info-Zip application.