CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS
Percentile: 84.6%

Markus Franz Xaver Johannes Oberhumer reports, in the package’s NEWS file:
Fixed a potential integer overflow condition in the “safe”
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
As this issue only affects 32-bit systems and also can only happen
if you use uncommonly huge buffer sizes where you have to decompress
more than 16 MiB (2^24 bytes) compressed bytes within a single
function call, the practical implications are limited.