zlib 1.0.3

CPE Details

zlib 1.0.3
zlib
zlib
1.0.3
2019-01-08
17h03 +00:00
2022-06-22
14h40 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:zlib:zlib:1.0.3:*:*:*:*:*:*:*

Informations

Vendor

zlib

Product

zlib

Version

1.0.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-45853 2023-10-13 22h00 +00:00 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
9.8
Critical
CVE-2022-37434 2022-08-05 00h00 +00:00 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
9.8
Critical
CVE-2018-25032 2022-03-24 23h00 +00:00 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
High
CVE-2002-0059 2002-06-25 02h00 +00:00 The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
9.8
Critical