CVE search results

1 – 10 of 12 results

Detailed view

Sort by:

CVE-2023-45853

Medium priority

Fixed

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE:...

3 affected packages

zlib, rsync, klibc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zlib	Not affected	Not affected	Not affected	Not affected
rsync	Not affected	Not affected	Not affected	Not affected
klibc	Not affected	Not affected	Not affected	Not affected

CVE-2022-42800

Medium priority

Not affected

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause...

2 affected packages

rsync, zlib

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rsync	—	Not affected	Not affected	Not affected
zlib	—	Not affected	Not affected	Not affected

CVE-2022-37434

Medium priority

Fixed

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle...

3 affected packages

rsync, zlib, klibc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rsync	Not affected	Not affected	Fixed	Fixed
zlib	Not affected	Fixed	Fixed	Fixed
klibc	Fixed	Fixed	Fixed	Fixed

CVE-2018-25032

Medium priority

Fixed

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

5 affected packages

rsync, zlib, mariadb-10.3, mariadb-10.6, klibc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rsync	Not affected	Not affected	Fixed	Fixed
zlib	Fixed	Fixed	Fixed	Fixed
mariadb-10.3	—	Not in release	Fixed	Not in release
mariadb-10.6	Not in release	Fixed	Not in release	Not in release
klibc	Fixed	Fixed	Fixed	Fixed

CVE-2016-9843

Low priority

Some fixes available 16 of 30

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

4 affected packages

rsync, zlib, klibc, zsync

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rsync	Fixed	Fixed	Fixed	Fixed
zlib	Not affected	Not affected	Not affected	Not affected
klibc	Needs evaluation	Not affected	Not affected	Not affected
zsync	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2016-9842

Low priority

Some fixes available 16 of 30

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

4 affected packages

zlib, rsync, klibc, zsync

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zlib	Not affected	Not affected	Not affected	Not affected
rsync	Fixed	Fixed	Fixed	Fixed
klibc	Needs evaluation	Not affected	Not affected	Not affected
zsync	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2016-9841

Low priority

Some fixes available 25 of 36

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

4 affected packages

rsync, zlib, klibc, zsync

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rsync	Fixed	Fixed	Fixed	Fixed
zlib	Not affected	Not affected	Not affected	Not affected
klibc	Fixed	Fixed	Fixed	Fixed
zsync	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2016-9840

Low priority

Some fixes available 25 of 36

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

4 affected packages

zlib, rsync, klibc, zsync

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zlib	Not affected	Not affected	Not affected	Not affected
rsync	Fixed	Fixed	Fixed	Fixed
klibc	Fixed	Fixed	Fixed	Fixed
zsync	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2009-1391

Medium priority

Fixed

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service...

2 affected packages

libcompress-raw-zlib-perl, perl

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libcompress-raw-zlib-perl	—	—	—	—
perl	—	—	—	—

CVE-2005-2096

Medium priority

Some fixes available 19 of 21

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as...

9 affected packages

aide, bacula, dpkg, dump, ia32-libs...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
aide	—	—	—	—
bacula	—	—	—	—
dpkg	—	—	—	—
dump	—	—	—	—
ia32-libs	—	—	—	—
rpm	—	—	—	—
sash	—	—	—	—
zlib	—	—	—	—
zsync	—	—	—	—

Export to JSON

Results by page:

Search CVE reports