Vulnerabilities (CVE)

Filtered by vendor Zlib Subscribe
Filtered by product Zlib
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9843 8 Apple, Canonical, Debian and 5 more 22 Iphone Os, Mac Os X, Tvos and 19 more 2022-06-22 7.5 HIGH 9.8 CRITICAL
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9841 8 Apple, Canonical, Debian and 5 more 38 Iphone Os, Mac Os X, Tvos and 35 more 2022-06-22 7.5 HIGH 9.8 CRITICAL
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9840 7 Apple, Canonical, Debian and 4 more 18 Iphone Os, Mac Os X, Tvos and 15 more 2022-06-22 6.8 MEDIUM 8.8 HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2004-0797 1 Zlib 1 Zlib 2022-06-22 2.1 LOW N/A
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
CVE-2003-0107 1 Zlib 1 Zlib 2022-06-22 7.5 HIGH N/A
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
CVE-2005-2096 1 Zlib 1 Zlib 2022-06-22 7.5 HIGH N/A
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
CVE-2002-0059 1 Zlib 1 Zlib 2022-06-22 7.5 HIGH N/A
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVE-2005-1849 1 Zlib 1 Zlib 2022-06-22 5.0 MEDIUM N/A
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
CVE-2018-25032 3 Debian, Fedoraproject, Zlib 3 Debian Linux, Fedora, Zlib 2022-05-26 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.