Vulnerabilities > Zlib > Zlib
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-14 | CVE-2023-45853 | Integer Overflow or Wraparound vulnerability in Zlib MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. | 9.8 |
2022-08-05 | CVE-2022-37434 | Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. | 9.8 |
2022-03-25 | CVE-2018-25032 | Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 |
2017-05-23 | CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | 9.8 |
2017-05-23 | CVE-2016-9841 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 9.8 |
2017-05-23 | CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 8.8 |
2005-07-26 | CVE-2005-1849 | Unspecified vulnerability in Zlib 1.2.2 inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | 5.0 |
2005-07-06 | CVE-2005-2096 | Unspecified vulnerability in Zlib 1.2.0/1.2.1/1.2.2 zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | 7.5 |
2004-10-20 | CVE-2004-0797 | Unspecified vulnerability in Zlib 1.2.1 The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). | 2.1 |
2003-03-07 | CVE-2003-0107 | Unspecified vulnerability in Zlib 1.1.4 Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. | 7.5 |