Zlib Zlib

Do you want an email whenever new security vulnerabilities are reported in Zlib?

By the Year

In 2022 there have been 2 vulnerabilities in Zlib with an average score of 8.7 out of ten. Zlib did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 2 8.65
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Zlib vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Zlib Security Vulnerabilities

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

CVE-2022-37434 9.8 - Critical - August 05, 2022

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Memory Corruption

zlib before 1.2.12 allows memory corruption when deflating (i.e

CVE-2018-25032 7.5 - High - March 25, 2022

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Memory Corruption

The crc32_big function in crc32.c in zlib 1.2.8 might

CVE-2016-9843 9.8 - Critical - May 23, 2017

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

inffast.c in zlib 1.2.8 might

CVE-2016-9841 9.8 - Critical - May 23, 2017

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

inftrees.c in zlib 1.2.8 might

CVE-2016-9840 8.8 - High - May 23, 2017

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file

CVE-2005-1849 - July 26, 2005

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

zlib 1.2 and later versions

CVE-2005-2096 - July 06, 2005

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x

CVE-2004-0797 - October 20, 2004

The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf

CVE-2003-0107 - March 07, 2003

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may

CVE-2002-0059 - March 15, 2002

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Zlib or by Zlib? Click the Watch button to subscribe.

Zlib
Vendor

Zlib
Product

subscribe