IM
IronMonkey Threat Research

CVE-2005-2096 HIGH

Published: 2005-07-06 | Last Modified: 2026-07-14 | Status: Modified

Description

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

CVSS Metrics

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-Other

Affected Products

Vendor Product Version Update Type
zlib zlib 1.2.0 <built-in method update of dict object at 0x702b80610a40> Application
zlib zlib 1.2.1 <built-in method update of dict object at 0x702b80611280> Application
zlib zlib 1.2.2 <built-in method update of dict object at 0x702bdc60e140> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:zlib:zlib:1.2.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:zlib:zlib:1.2.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:zlib:zlib:1.2.2:*:*:*:*:*:*:*

References

Notification
Message here