Vulnerability Note VU#142121
zlib "gzprintf()" function vulnerable to buffer overflow
A buffer overflow exists in one of the functions included with the zlib compression library. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available.
The zlib website describes zlib as a "...lossless data-compression library for use on virtually any computer hardware and operating system." A buffer overflow exists in the gzprintf function contained within the zlib compression library. For more detailed information, please see Richard Kettlewell's advisory.
A remote attacker may be able to execute code or cause a denial of service.
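Added example, not zlib's code and not taken from the advisory: one way a printf-style writer can stage formatted output in a fixed buffer without writing past it, falling back to an exact-size allocation when the output is too long. The names `bounded_printf` and `sink_write` and the 4096-byte `STAGE_SIZE` are hypothetical, and the oversized input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STAGE_SIZE 4096  /* assumed staging-buffer size, for illustration */

/* Hypothetical sink standing in for a compressed-stream write; counts bytes. */
static size_t sink_total;
static int sink_write(const char *p, size_t n) { (void)p; sink_total += n; return 0; }

/* Format into a fixed staging buffer without ever writing past it.
 * Returns bytes handed to the sink, or -1 on formatting/allocation error. */
long bounded_printf(const char *fmt, ...)
{
    char stage[STAGE_SIZE];
    va_list ap, ap2;
    int need;

    va_start(ap, fmt);
    va_copy(ap2, ap);
    /* vsnprintf writes at most sizeof stage bytes and reports the full length. */
    need = vsnprintf(stage, sizeof stage, fmt, ap);
    va_end(ap);

    if (need < 0) { va_end(ap2); return -1; }
    if ((size_t)need < sizeof stage) {           /* fitted, including the NUL */
        va_end(ap2);
        return sink_write(stage, (size_t)need) == 0 ? need : -1;
    }
    /* Too long for the stage: allocate exactly what is needed and reformat,
     * rather than overflowing the buffer or silently truncating. */
    char *big = malloc((size_t)need + 1);
    if (big == NULL) { va_end(ap2); return -1; }
    vsnprintf(big, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    int rc = sink_write(big, (size_t)need);
    free(big);
    return rc == 0 ? need : -1;
}

int main(void)
{
    char *long_arg = malloc(10001);            /* constructed oversized input */
    if (long_arg == NULL) return 1;
    memset(long_arg, 'A', 10000); long_arg[10000] = '\0';
    printf("short: %ld\n", bounded_printf("%s=%d", "level", 9));
    printf("long:  %ld\n", bounded_printf("name=%s", long_arg));
    free(long_arg);
    return 0;
}
```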
If you are a vendor and your product is affected, let us know.
This vulnerability was discovered by Richard Kettlewell.
This document was written by Ian A Finlay.
22 Feb 2003
Date First Published: 23 May 2003
Date Last Updated: 06 Jun 2008
If you have feedback, comments, or additional information about this vulnerability, please send us email.