CVE-2003-0107

zlib 1.1.4 - Buffer Overflow in gzprintf

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0107. PoCs published by CrZ, Richard Kettlewel.

AI-analyzed exploit summary This exploit leverages a buffer overflow in Zlib's gzprintf function (CVE-2003-0107) to execute arbitrary shellcode. It constructs a malicious buffer with a NOP sled and shellcode to spawn a shell, targeting Zlib versions up to 1.1.4.

Description

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Exploits (2)

exploitdb WORKING POC VERIFIED
by CrZ · cremotelinux
https://www.exploit-db.com/exploits/22274

This exploit leverages a buffer overflow in Zlib's gzprintf function (CVE-2003-0107) to execute arbitrary shellcode. It constructs a malicious buffer with a NOP sled and shellcode to spawn a shell, targeting Zlib versions up to 1.1.4.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zlib <= 1.1.4
No auth needed
Prerequisites: Zlib 1.1.4 or earlier installed · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Richard Kettlewel · cdoslinux
https://www.exploit-db.com/exploits/22273

This exploit demonstrates a buffer overflow vulnerability in Zlib 1.1.4 via the gzprintf() function, which uses vsprintf() without proper boundary checks. The PoC attempts to trigger the overflow by writing a large format string to a gzFile handle.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Zlib 1.1.4
No auth needed
Prerequisites: Zlib 1.1.4 installed on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN78689801/index.html
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
Various Sources vendor-advisory x_refsource_mandrake
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-081.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-079.html
Mailing List vendor-advisory x_refsource_gentoo
http://marc.info/?l=bugtraq&m=104887247624907&w=2
Various Sources vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/142121
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104610536129508&w=2
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/6599
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104620610427210&w=2
Exploit mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/312869
Various Sources vendor-advisory x_refsource_conectiva
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6913
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11381.php
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104610337726297&w=2

Scores

EPSS 0.2554
EPSS Percentile 97.7%

Details

Status published
Products (1)
zlib/zlib 1.1.4
Published Mar 07, 2003
Tracked Since Feb 18, 2026