Vulnerabilities > Zlib
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-14 | CVE-2023-45853 | Integer Overflow or Wraparound vulnerability in Zlib MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. | 9.8 |
| 2022-08-05 | CVE-2022-37434 | Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. | 9.8 |
| 2022-03-25 | CVE-2018-25032 | Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 |
| 2017-05-23 | CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | 9.8 |
| 2017-05-23 | CVE-2016-9841 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 9.8 |
| 2017-05-23 | CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 8.8 |
| 2015-01-21 | CVE-2015-1191 | Path Traversal vulnerability in Zlib Pigz 2.3.1 Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. | 5.0 |
| 2014-04-27 | CVE-2013-0296 | Permissions, Privileges, and Access Controls vulnerability in Zlib Pigz Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. | 4.4 |
| 2005-07-26 | CVE-2005-1849 | Unspecified vulnerability in Zlib 1.2.2 inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | 5.0 |
| 2005-07-06 | CVE-2005-2096 | Unspecified vulnerability in Zlib 1.2.0/1.2.1/1.2.2 zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | 7.5 |