Vulnerable Library - zlibv1.2.5
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Vulnerable Source Files (1)
/src/3rdparty/zlib/inflate.c
Vulnerabilities
Details
CVE-2022-37434
### Vulnerable Library - zlibv1.2.5
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in base branch: 4.8
### Vulnerable Source Files (1)
/src/3rdparty/zlib/inflate.c
### Vulnerability Details
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Publish Date: 2022-08-05
URL: CVE-2022-37434
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.3%
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Release Date: 2022-08-05
Fix Resolution: v1.2.13
CVE-2018-25032
### Vulnerable Libraries - zlibv1.2.5, zlibv1.2.5, zlibv1.2.5
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Publish Date: 2022-03-25
URL: CVE-2018-25032
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.3%
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Release Date: 2022-03-25
Fix Resolution: v1.2.12
WS-2020-0368
### Vulnerable Library - zlibv1.2.5
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in base branch: 4.8
### Vulnerable Source Files (1)
/src/3rdparty/zlib/inflate.c
### Vulnerability Details
Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate. There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.
Publish Date: 2020-02-22
URL: WS-2020-0368
### Threat Assessment
Exploit Maturity: Not Defined
EPSS:
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
CVE-2015-2158
### Vulnerable Library - zlibv1.2.5
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in base branch: 4.8
### Vulnerable Source Files (1)
/src/3rdparty/zlib/inflate.c
### Vulnerability Details
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
Publish Date: 2017-10-06
URL: CVE-2015-2158
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.70000005%
### CVSS 3 Score Details (4.9)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
### Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1198171
Release Date: 2017-10-06
Fix Resolution: v1.7.84
CVE-2023-6992
### Vulnerable Library - zlibv1.2.5
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in base branch: 4.8
### Vulnerable Source Files (1)
/src/3rdparty/zlib/deflate.c
### Vulnerability Details
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
Publish Date: 2024-01-04
URL: CVE-2023-6992
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
### CVSS 3 Score Details (4.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: Low