CVSS: 9.8EPSS: 1%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2005-2096 – zlib DoS
https://notcve.org/view.php?id=CVE-2005-2096
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://secunia.com/advisories/15949 http://secunia.com/advisories/17054 http://secunia.com/advisories/17225 •
CVSS: 2.1EPSS: 39%CPEs: 1EXPL: 0CVE-2004-0797
https://notcve.org/view.php?id=CVE-2004-0797
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). El manejo de errores en las funciones (1) inflate y (2) inflateBack de la biblioteca de compresión Zlib 1.2.x permite a usuarios locales causar una denegación de servicio (caída de aplicación). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000865 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000878 http://marc.info/?l=bugtraq&m=109353792914900&w=2 http://secunia.com/advisories/11129 http://secunia.com/advisories/17054 http://secunia& •