Jean-loup Gailly

6 exploits Active since Mar 2022
CVE-2018-25032 NOMISEC HIGH STUB
zlib <1.2.12 - Memory Corruption
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
1 stars
CVSS 7.5
CVE-2022-37434 NOMISEC CRITICAL STUB
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8
CVE-2018-25032 NOMISEC HIGH STUB
zlib <1.2.12 - Memory Corruption
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS 7.5
CVE-2018-25032 NOMISEC HIGH WORKING POC
zlib <1.2.12 - Memory Corruption
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS 7.5
CVE-2022-37434 WRITEUP CRITICAL WRITEUP
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8
CVE-2023-6992 WRITEUP MEDIUM STUB
Cloudflare zlib < 2023-11-16 - Denial of Service via Deflation Algorithm Memory Corruption
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
CVSS 4.0