zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
AV:N/AC:L/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-Other
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| zlib | zlib | 1.2.0 | <built-in method update of dict object at 0x702b80610a40> | Application |
| zlib | zlib | 1.2.1 | <built-in method update of dict object at 0x702b80611280> | Application |
| zlib | zlib | 1.2.2 | <built-in method update of dict object at 0x702bdc60e140> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:zlib:zlib:1.2.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:zlib:zlib:1.2.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:zlib:zlib:1.2.2:*:*:*:*:*:*:* |