CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48106
https://notcve.org/view.php?id=CVE-2023-48106
22 Nov 2023 — Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. Vulnerabilidad de desbordamiento del búfer en zlib-ng minizip-ng v.4.0.2 permite a un atacante ejecutar código arbitrario a través de un archivo manipulado en la función mz_path_resolve en el archivo mz_os.c. • https://github.com/zlib-ng/minizip-ng/issues/740 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48107
https://notcve.org/view.php?id=CVE-2023-48107
22 Nov 2023 — Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. Vulnerabilidad de desbordamiento del búfer en zlib-ng minizip-ng v.4.0.2 permite a un atacante ejecutar código arbitrario a través de un archivo manipulado en la función mz_path_has_slash en el archivo mz_os.c. • https://github.com/zlib-ng/minizip-ng/issues/739 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-45853 – zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6
https://notcve.org/view.php?id=CVE-2023-45853
14 Oct 2023 — MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. MiniZip en zlib hasta 1.3 tiene un desbordamiento de enteros y un desbordamiento de búfer basado en montón resultante en zipOpe... • http://www.openwall.com/lists/oss-security/2023/10/20/9 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 92%CPEs: 31EXPL: 5CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
05 Aug 2022 — zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un cam... • https://github.com/xen0bit/CVE-2022-37434_poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 4CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
25 Mar 2022 — zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payload... • https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 12%CPEs: 36EXPL: 0CVE-2016-9840 – zlib: Out-of-bounds pointer arithmetic in inftrees.c
https://notcve.org/view.php?id=CVE-2016-9840
23 Jan 2017 — inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Inftrees.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It ... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.8EPSS: 19%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
23 Jan 2017 — inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It was d... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.8EPSS: 9%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
23 Jan 2017 — The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1191
https://notcve.org/view.php?id=CVE-2015-1191
21 Jan 2015 — Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. Múltiples vulnerabilidades de salto de directorio en pigz 2.3.1 permiten a atacantes remotos escribir a ficheros arbitrarios a través de un (1) nombre de ruta completo o (2) .. (punto punto) en un archivo. • http://lists.opensuse.org/opensuse-updates/2016-03/msg00013.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0296
https://notcve.org/view.php?id=CVE-2013-0296
27 Apr 2014 — Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. Condición de carrera en pigz anterior a 2.2.5 utiliza permisos derivados del umask cuando comprime un archivo antes de configurar los permisos de este archivo para conformar con los del archivo original, lo que podría permitir a usuario... • http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html • CWE-264: Permissions, Privileges, and Access Controls •