MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-10-14
Updated
2024-01-24
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Max CVSS
9.8
EPSS Score
0.34%
Published
2022-08-05
Updated
2023-07-19
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Max CVSS
7.5
EPSS Score
0.28%
Published
2022-03-25
Updated
2023-08-04
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-05-23
Updated
2022-08-16
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
9.8
EPSS Score
1.16%
Published
2017-05-23
Updated
2022-08-16
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
Max CVSS
5.0
EPSS Score
1.15%
Published
2015-01-21
Updated
2016-12-03
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-04-27
Updated
2014-04-28
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Max CVSS
7.5
EPSS Score
5.89%
Published
2005-07-06
Updated
2022-06-22
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
Max CVSS
5.0
EPSS Score
11.38%
Published
2005-07-26
Updated
2022-06-22
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
Max CVSS
2.1
EPSS Score
39.13%
Published
2004-10-20
Updated
2022-06-22
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
Max CVSS
7.5
EPSS Score
7.48%
Published
2003-03-07
Updated
2022-06-22
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
Max CVSS
9.8
EPSS Score
47.29%
Published
2002-03-15
Updated
2024-02-02
13 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!