


Perceptive Security
SOC/SIEM Consultancy

A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arb…
Published:
30 April 2026 at 22:00:00
Alert date:
1 May 2026 at 20:05:47
Source:
nvd.nist.gov
Security Tools
A heap-based buffer overflow vulnerability in hashcat v7.1.2's PKZIP hash parser allows attackers to cause a denial of service or execute arbitrary code through crafted PKZIP hash files. The vulnerability exists in the hex_to_binary function, where attacker-controlled hex data is decoded into a fixed-size buffer without proper input validation. The issue affects multiple hashcat modules (17200, 17210, 17220, 17225, and 17230) when data_type_enum is less than or equal to 1. This vulnerability poses a significant risk because it can lead to arbitrary code execution in a widely used password recovery tool.
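The bug class described above, as an added sketch that is not hashcat's code: a hex decoder whose write count depends only on the input, next to a bounded form that rejects the field before writing. The function names, FIELD_MAX and the sample strings are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16 /* assumed capacity for this sketch, not hashcat's value */

int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Unchecked pattern: the write count comes from the input alone, so any
 * field longer than 2 * capacity hex digits runs past the end of out. */
size_t hex_decode_unchecked(const char *hex, size_t hex_len, unsigned char *out)
{
    size_t n = 0;
    for (size_t i = 0; i + 1 < hex_len; i += 2)
        out[n++] = (unsigned char)(((hex_nibble(hex[i]) & 0xf) << 4) |
                                   (hex_nibble(hex[i + 1]) & 0xf));
    return n;
}

/* Bounded form: validate length, capacity and digits before any write.
 * Returns the number of bytes decoded, or -1 to reject the field. */
long hex_decode_bounded(const char *hex, size_t hex_len,
                        unsigned char *out, size_t out_cap)
{
    if (hex_len % 2 != 0 || hex_len / 2 > out_cap) return -1;
    for (size_t i = 0; i < hex_len; i += 2)
        if (hex_nibble(hex[i]) < 0 || hex_nibble(hex[i + 1]) < 0) return -1;
    for (size_t i = 0; i < hex_len; i += 2)
        out[i / 2] = (unsigned char)((hex_nibble(hex[i]) << 4) |
                                     hex_nibble(hex[i + 1]));
    return (long)(hex_len / 2);
}

int main(void)
{
    unsigned char buf[FIELD_MAX];
    const char *ok = "deadbeef";                         /* constructed input */
    const char *too_long = "00112233445566778899aabbccddeeff0011"; /* 18 bytes */
    printf("ok: %ld\n", hex_decode_bounded(ok, strlen(ok), buf, sizeof buf));
    printf("too long: %ld\n",
           hex_decode_bounded(too_long, strlen(too_long), buf, sizeof buf));
    return 0;
}
```

A parser using the bounded form should treat -1 as a malformed hash line and skip it rather than continue with a partially filled buffer.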
Affected products:
hashcat
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42484
https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f
This article was created with the assistance of AI technology by Perceptive.
