Vulnerabilities for 'ZLIB'

2017-05-23
 
CVE-2016-9843

CWE-189
 

 
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

 
 
CVE-2016-9842

CWE-189
 

 
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

 
 
CVE-2016-9841

CWE-189
 

 
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

 
 
CVE-2016-9840

CWE-189
 

 
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

 
2005-07-06
 
CVE-2005-2096

CWE-Other
 

 
zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

 
2005-07-26
 
CVE-2005-1849

CWE-Other
 

 
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

 
2004-10-20
 
CVE-2004-0797

 

 
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).

 
2003-03-07
 
CVE-2003-0107

 

 
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

 
2002-03-15
 
CVE-2002-0059

CWE-Other
 

 
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

 



Copyright 2019, cxsecurity.com

 
