MidnightBSD

Advisories for zlib

CVE-2002-0059 HIGH

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
zlib zlib *
CVE-2003-0107 HIGH

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zlib zlib 1.1.4
CVE-2004-0797 LOW

The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zlib zlib 1.2.1
CVE-2005-1849 MEDIUM

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zlib zlib 1.2.2
CVE-2005-2096 HIGH

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zlib zlib 1.2.2
zlib zlib 1.2.0
zlib zlib 1.2.1
CVE-2013-0296 MEDIUM

Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zlib pigz *
CVE-2015-1191 MEDIUM

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zlib pigz 2.3.1
CVE-2016-9840 MEDIUM

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.7.0
redhat enterprise_linux_workstation 7.0
oracle database_server 18c
apple iphone_os *
oracle mysql *
oracle jre 1.8.0
apple mac_os_x *
redhat enterprise_linux_workstation 6.0
nodejs node.js *
oracle jdk 1.8.0
oracle jre 1.7.0
opensuse leap 42.2
redhat enterprise_linux_server 7.0
opensuse leap 42.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 6.0
apple watchos *
canonical ubuntu_linux 18.04
oracle jdk 1.6.0
zlib zlib *
redhat enterprise_linux_eus 7.4
oracle jre 1.6.0
redhat satellite 5.8
debian debian_linux 8.0
apple tvos *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_eus 7.5
opensuse opensuse 13.2
redhat enterprise_linux_desktop 7.0
boost boost *
CVE-2016-9841 HIGH

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp vasa_provider_for_clustered_data_ontap *
netapp hci_storage_node -
netapp e-series_santricity_management -
oracle database_server 18c
apple iphone_os *
oracle mysql *
oracle jre 1.8.0
apple mac_os_x *
redhat enterprise_linux_workstation 6.0
netapp e-series_santricity_web_services -
oracle jdk 1.8.0
opensuse leap 42.2
netapp oncommand_shift -
canonical ubuntu_linux 16.04
netapp oncommand_insight -
netapp oncommand_performance_manager -
redhat enterprise_linux_eus 7.4
oracle jre 1.6.0
redhat satellite 5.8
apple tvos *
redhat enterprise_linux_server 6.0
netapp e-series_santricity_os_controller *
netapp virtual_storage_console -
netapp steelstore_cloud_integrated_storage -
oracle jdk 1.7.0
redhat enterprise_linux_workstation 7.0
netapp symantec_netbackup -
nodejs node.js *
oracle jre 1.7.0
netapp oncommand_balance -
redhat enterprise_linux_server 7.0
netapp storage_replication_adapter_for_clustered_data_ontap -
opensuse leap 42.1
netapp solidfire -
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
redhat enterprise_linux_desktop 6.0
apple watchos *
canonical ubuntu_linux 18.04
netapp e-series_santricity_storage_manager -
netapp active_iq_unified_manager *
oracle jdk 1.6.0
zlib zlib *
netapp snapmanager -
debian debian_linux 8.0
redhat enterprise_linux_eus 7.5
netapp cloud_backup -
opensuse opensuse 13.2
redhat enterprise_linux_desktop 7.0
netapp oncommand_unified_manager *
CVE-2016-9843 HIGH

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.7.0
redhat enterprise_linux_workstation 7.0
netapp snapcenter -
oracle database_server 18c
apple iphone_os *
oracle mysql *
oracle jre 1.8.0
apple mac_os_x *
redhat enterprise_linux_workstation 6.0
nodejs node.js *
oracle jdk 1.8.0
oracle jre 1.7.0
opensuse leap 42.2
redhat enterprise_linux_server 7.0
opensuse leap 42.1
mariadb mariadb *
netapp oncommand_workflow_automation -
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 6.0
netapp oncommand_insight -
apple watchos *
canonical ubuntu_linux 18.04
netapp active_iq_unified_manager *
oracle jdk 1.6.0
zlib zlib *
redhat enterprise_linux_eus 7.4
oracle jre 1.6.0
redhat satellite 5.8
debian debian_linux 8.0
apple tvos *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_eus 7.5
opensuse opensuse 13.2
redhat enterprise_linux_desktop 7.0
CVE-2018-25032 MEDIUM

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
siemens scalance_sc642-2c_firmware *
netapp management_services_for_element_software -
apple mac_os_x *
netapp h700s_firmware -
fedoraproject fedora 34
netapp h410c_firmware -
netapp h500s_firmware -
siemens scalance_sc636-2c_firmware *
azul zulu 6.45
azul zulu 17.32
apple mac_os_x 10.15.7
siemens scalance_sc626-2c_firmware *
python python *
debian debian_linux 11.0
mariadb mariadb *
apple macos *
azul zulu 13.46
azul zulu 11.54
netapp h410s_firmware -
nokogiri nokogiri *
azul zulu 7.52
netapp oncommand_workflow_automation -
netapp h300s_firmware -
siemens scalance_sc622-2c_firmware *
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
siemens scalance_sc632-2c_firmware *
zlib zlib *
fedoraproject fedora 36
debian debian_linux 10.0
azul zulu 15.38
netapp e-series_santricity_os_controller *
netapp hci_compute_node -
debian debian_linux 9.0
azul zulu 8.60
goto gotoassist *
siemens scalance_sc646-2c_firmware *
CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Products Affected

Vendor Product Version
stormshield stormshield_network_security *
netapp active_iq_unified_manager -
apple ipados *
netapp storagegrid -
netapp management_services_for_element_software -
netapp ontap_select_deploy_administration_utility -
apple iphone_os *
apple watchos *
fedoraproject fedora 35
netapp h700s_firmware -
zlib zlib *
netapp h500s_firmware -
fedoraproject fedora 36
debian debian_linux 10.0
netapp hci_compute_node -
apple macos *
netapp oncommand_workflow_automation -
fedoraproject fedora 37
netapp hci -
netapp h300s_firmware -
CVE-2023-45853

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
smihica pyminizip *
zlib zlib *
CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Products Affected

Vendor Product Version
zlib zlib *
CVE-2026-27171

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
zlib zlib *