CVE-2002-0059
CRITICAL
zlib < 1.1.3 - Double Free via Malformed Compression Data
Title source: llm
Description
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
References (16)
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4267
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
Broken Link vendor-advisory
x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
Broken Link, Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-027.html
Broken Link vendor-advisory
x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
Broken Link, Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-026.html
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-2002-07.html
Broken Link vendor-advisory
x_refsource_mandrake
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
Broken Link vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
Broken Link, Patch, Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Broken Link vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-122
Broken Link vendor-advisory
x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
Broken Link vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/368819
Broken Link vendor-advisory
x_refsource_caldera
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Broken Link vendor-advisory
x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
Scores
CVSS v3: 9.8
EPSS: 0.0951
EPSS Percentile: 94.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-415
Status: published
Products (1)
zlib/zlib < 1.1.3
Published: Mar 15, 2002
Tracked Since: Feb 18, 2026