Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gnu:zlib:*
  • Search Type: Search All
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Published: May 23, 2017; 12:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Published: May 23, 2017; 12:29:01 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Published: May 23, 2017; 12:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Published: May 23, 2017; 12:29:01 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2005-1849

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

Published: July 26, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2005-2096

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Published: July 06, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-0797

The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).

Published: October 20, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2003-0107

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Published: March 07, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0059

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Published: March 15, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH