CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVE-2005-1849 – zlib DoS
https://notcve.org/view.php?id=CVE-2005-1849
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. inftrees.h en zlib 1.2.2 permite que atacantes remotos realizen una dengación de servicio (caída de la aplicación) mediante un fichero inválido que hace que se produzca un arbol dinámico muy grande. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://secunia.com/advisories/16137 http://secunia.com/advisories/17326 http://secunia.com/advisories/17516 http://secunia.com/advisories/18377 http://secunia.com/advisories/19334 http://secunia.com/advisories/19550 http://secunia.com/advisories/19597 http: •
CVE-2005-2096 – zlib DoS
https://notcve.org/view.php?id=CVE-2005-2096
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://secunia.com/advisories/15949 http://secunia.com/advisories/17054 http://secunia.com/advisories/17225 •
CVE-2004-0797
https://notcve.org/view.php?id=CVE-2004-0797
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). El manejo de errores en las funciones (1) inflate y (2) inflateBack de la biblioteca de compresión Zlib 1.2.x permite a usuarios locales causar una denegación de servicio (caída de aplicación). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000865 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000878 http://marc.info/?l=bugtraq&m=109353792914900&w=2 http://secunia.com/advisories/11129 http://secunia.com/advisories/17054 http://secunia& •
CVE-2003-0107 – Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0107
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. Desbordamiento de búfer en la función gzprintf de zlib 1.1.4, cuando zlib es compilado sin vsnprintf o cuando entradas largas son truncadas mediante vsnprintf, lo que permite a atacantes, causar Denegación de Servicio o la posibilidad de ejecutar código remoto. • https://www.exploit-db.com/exploits/22273 https://www.exploit-db.com/exploits/22274 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619 http://jvn.jp/en/jp/JVN78689801/index.html http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html http://lists.apple.com/mhonarc/security-announce/msg00038.html http://marc.i •