There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code.
It is important to note that the CERT/CC has not received any reports of exploitation of this bug. Based on the information available to us at this time, it is difficult to determine whether this bug can be successfully exploited. However, given the widespread deployment of zlib, we have published this document as a proactive measure.
There is a bug in the decompression algorithm used by the popular zlib compression library. If an attacker is able to pass a specially-crafted block of invalid compressed data to a program that includes zlib, the program's attempt to decompress the crafted data can cause the zlib routines to corrupt the internal data structures maintained by malloc.
This bug may introduce vulnerabilities into any program that includes the affected library. Depending upon how and where the zlib routines are called from the given program, the resulting vulnerability may have one or more of the following impacts: denial of service, information leakage, or execution of arbitrary code.
Upgrade your version of zlib
Cisco Systems Inc. Affected
Compaq Computer Corporation Affected
Guardian Digital Inc. Affected
Hewlett-Packard Company Affected
Juniper Networks Affected
Openwall GNU/*/Linux Affected
Red Hat Inc. Affected
SuSE Inc. Affected
Sun Microsystems Inc. Affected
The SCO Group (SCO Linux) Affected
Apple Computer Inc. Not Affected
F-Secure Not Affected
Fujitsu Not Affected
Microsoft Corporation Not Affected
SSH Communications Security Not Affected
AOL Time Warner Unknown
Computer Associates Unknown
Data General Unknown
Lotus Software Unknown
Lucent Technologies Unknown
NEC Corporation Unknown
Nortel Networks Unknown
Oracle Corporation Unknown
Sony Corporation Unknown
The Open Group Unknown
The SCO Group (SCO UnixWare) Unknown
Wind River Systems Inc. Unknown
The CERT/CC thanks Owen Taylor and Mark Cox of Red Hat, Inc. for reporting this vulnerability. We also thank Mark Adler of zlib.org for contributing to our research and Matthias Clasen for contributing to the discovery of this vulnerability.
This document was written by Jeffrey P. Lanza.