CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45853 – zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6
https://notcve.org/view.php?id=CVE-2023-45853
14 Oct 2023 — MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. MiniZip en zlib hasta 1.3 tiene un desbordamiento de enteros y un desbordamiento de búfer basado en montón resultante en zipOpe... • http://www.openwall.com/lists/oss-security/2023/10/20/9 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 92%CPEs: 31EXPL: 5CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
05 Aug 2022 — zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un cam... • https://github.com/xen0bit/CVE-2022-37434_poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 4CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
25 Mar 2022 — zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payload... • https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 9%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
23 Jan 2017 — The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 8.8EPSS: 12%CPEs: 36EXPL: 0CVE-2016-9840 – zlib: Out-of-bounds pointer arithmetic in inftrees.c
https://notcve.org/view.php?id=CVE-2016-9840
23 Jan 2017 — inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Inftrees.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It ... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.8EPSS: 19%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
23 Jan 2017 — inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It was d... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 0CVE-2005-1849 – zlib DoS
https://notcve.org/view.php?id=CVE-2005-1849
26 Jul 2005 — inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. inftrees.h en zlib 1.2.2 permite que atacantes remotos realizen una dengación de servicio (caída de la aplicación) mediante un fichero inválido que hace que se produzca un arbol dinámico muy grande. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt •
CVSS: 7.5EPSS: 48%CPEs: 3EXPL: 0CVE-2005-2096 – zlib DoS
https://notcve.org/view.php?id=CVE-2005-2096
06 Jul 2005 — zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0797
https://notcve.org/view.php?id=CVE-2004-0797
14 Sep 2004 — The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). El manejo de errores en las funciones (1) inflate y (2) inflateBack de la biblioteca de compresión Zlib 1.2.x permite a usuarios locales causar una denegación de servicio (caída de aplicación). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt •
CVSS: 9.8EPSS: 23%CPEs: 1EXPL: 3CVE-2003-0107 – Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0107
07 Mar 2003 — Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. Desbordamiento de búfer en la función gzprintf de zlib 1.1.4, cuando zlib es compilado sin vsnprintf o cuando entradas largas son truncadas mediante vsnprintf, lo que permite a atacantes, causar Denegación de Servicio o la posibilidad de ejecutar código remoto. • https://www.exploit-db.com/exploits/22273 •