Zlib

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-14	CVE-2023-45853	Integer Overflow or Wraparound vulnerability in Zlib MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. network low complexity zlib CWE-190 critical	9.8
2022-08-05	CVE-2022-37434	Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. network low complexity zlib fedoraproject debian netapp apple stormshield CWE-787 critical	9.8
2022-03-25	CVE-2018-25032	Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. network low complexity zlib debian fedoraproject apple python mariadb netapp siemens azul goto CWE-787	7.5
2017-05-23	CVE-2016-9843	The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. network low complexity zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs critical	9.8
2017-05-23	CVE-2016-9841	inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple netapp nodejs critical	9.8
2017-05-23	CVE-2016-9840	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2005-07-26	CVE-2005-1849	Unspecified vulnerability in Zlib 1.2.2 inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. network low complexity zlib	5.0
2005-07-06	CVE-2005-2096	Unspecified vulnerability in Zlib 1.2.0/1.2.1/1.2.2 zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. network low complexity zlib	7.5
2004-10-20	CVE-2004-0797	Unspecified vulnerability in Zlib 1.2.1 The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). local low complexity zlib	2.1
2003-03-07	CVE-2003-0107	Unspecified vulnerability in Zlib 1.1.4 Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. network low complexity zlib	7.5