CVE-2018-25032

HIGH

zlib <1.2.12 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-25032. PoCs published by Trinadh465, Satheesh575555.

AI-analyzed exploit summary The repository appears to be a zlib source code snapshot with no explicit exploit code or PoC for CVE-2018-25032. The README and source files are standard zlib documentation and implementation files.

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Exploits (3)

nomisec STUB 1 stars
by Trinadh465 · poc
https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032

The repository appears to be a zlib source code snapshot with no explicit exploit code or PoC for CVE-2018-25032. The README and source files are standard zlib documentation and implementation files.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: zlib 1.2.7
No auth needed
Prerequisites: none
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Trinadh465 · poc
https://github.com/Trinadh465/external_zlib_AOSP10_r33_CVE-2018-25032

This repository contains a proof-of-concept for CVE-2018-25032, which is a vulnerability in zlib 1.2.11. The exploit appears to target a buffer overflow or similar memory corruption issue in the compression library.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: zlib 1.2.11
No auth needed
Prerequisites: Access to a system running zlib 1.2.11
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by Satheesh575555 · poc
https://github.com/Satheesh575555/external_zlib-1.2.7_CVE-2018-25032

The repository appears to be a snapshot of zlib 1.2.7 with no explicit exploit code or proof-of-concept for CVE-2018-25032. The README and source files are standard zlib documentation and implementation files.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: zlib 1.2.7
No auth needed
Prerequisites: None identified
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (29)

Core 29
Core References
Issue Tracking, Patch, Third Party Advisory
https://github.com/madler/zlib/issues/605
Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/03/28/1
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/03/25/2
Exploit, Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/03/26/1
Patch, Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5111
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/33
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/35
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/38
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-42

Scores

CVSS v3 7.5
EPSS 0.0009
EPSS Percentile 25.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (37)
apple/mac_os_x 10.15.7 (14 CPE variants)
apple/mac_os_x 10.15 - 10.15.7
apple/macos 11.0 - 11.6.6
azul/zulu 6.45
azul/zulu 7.52
azul/zulu 8.60
azul/zulu 11.54
azul/zulu 13.46
azul/zulu 15.38
azul/zulu 17.32
... and 27 more
Published Mar 25, 2022
Tracked Since Feb 18, 2026