98 matches found

Gentoo Linux
added 2024/01/15 12:0 a.m. · 30 views

zlib: Buffer Overflow

Background: zlib is a widely used free and patent unencumbered data compression library. Description: A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details. Impact: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffe...

9.8 CVSS · 7.8 AI score · 0.02918 EPSS
Exploits 0

NCSC
added 2024/01/08 12:0 a.m. · 6 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in several DB2 products such as DB2, DB2 for Cloud Pak and Web Query for i. A malicious party could exploit the vulnerabilities to grant himself locally elevated privileges assigned arbitrary code and thus execute arbitrary code with potentially privilege...

9.8 CVSS · 7.8 AI score · 0.51733 EPSS
Exploits 9

BDU FSTEC
added 2023/11/11 12:0 a.m. · 1 views

The vulnerability of the tif_jbig.c component of the JBIG1 data compression standard, which is used for working with JBIG images in the JBIG-KIT framework, allows a hacker to cause a service failure.

The vulnerability of the tif_jbig.c component of the JBIG1 data compression standard, which is used for processing JBIG images, in the JBIG-KIT framework, relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to...

7.8 CVSS · 7.1 AI score · 0.02846 EPSS
Exploits 1 · References 6 · Affected Software 3

OSV
added 2023/06/23 6:15 p.m. · 2 views

CVE-2022-42834

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression...

3.3 CVSS · 5.7 AI score · 0.00226 EPSS
Exploits 0 · References 3

Rockylinux
added 2023/01/12 8:25 a.m. · 13 views

zlib bug fix and enhancement update

An update is available for zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zlib packages provide a general-purpose lossless data compression library th...

1.7 AI score
Exploits 0

CNVD
added 2022/11/29 12:0 a.m. · 31 views

Binary vulnerability in libarchive (CNVD-2022-90746)

libarchive is a multi-format archive and compression library. A binary vulnerability exists in libarchive, which can be exploited by attackers to execute arbitrary code...

9.8 CVSS · 8.2 AI score · 0.01936 EPSS
Exploits 0

AlmaLinux
added 2022/11/08 12:0 a.m. · 44 views

Important: mingw-zlib security update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032). For more details about the security issues, including the impact, a CV...

7.5 CVSS · 7.5 AI score · 0.51733 EPSS
Exploits 1 · References 4

RedHat Linux
added 2022/11/02 2:35 p.m. · 51 views

Moderate: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8 CVSS · 7 AI score · 0.1593 EPSS
Exploits 1 · References 3

Rockylinux
added 2022/10/25 7:22 a.m. · 47 views

zlib security update

An update is available for zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zlib packages provide a general-purpose lossless data compression library th...

9.8 CVSS · 9.8 AI score · 0.1593 EPSS
Exploits 1

Ubuntu
added 2022/10/17 6:37 p.m. · 95 views

USN-5570-2: zlib vulnerability

USN-5570-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue...

9.8 CVSS · 7.4 AI score · 0.1593 EPSS
Exploits 1

NCSC
added 2022/10/03 12:0 a.m. · 5 views

Vulnerabilities fixed in IBM Tivoli Monitoring

IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...

7.5 CVSS · 8.1 AI score · 0.51733 EPSS
Exploits 1

Positive Technologies
added 2022/07/12 12:0 a.m. · 4 views

PT-2022-4638 · Go +9 · Compress/Gzip +9

Name of the Vulnerable Software and Affected Versions: compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be...

9.8 CVSS · 7.2 AI score · 0.10299 EPSS
Exploits 14 · References 376

RedHat Linux
added 2022/05/18 1:20 a.m. · 5 views

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written...

7.5 CVSS · 6.9 AI score · 0.51733 EPSS
Exploits 1 · References 4

OpenVAS
added 2022/05/08 12:0 a.m. · 22 views

Debian: Security Advisory (DLA-2993-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.6 AI score · 0.51733 EPSS
Exploits 1 · References 4

OSV
added 2021/05/31 12:8 p.m. · 1 views

USN-4968-2 lz4 vulnerability

USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a...

9.8 CVSS · 6.9 AI score · 0.03216 EPSS
Exploits 0 · References 2

UbuntuCve
added 2021/04/28 7:15 p.m. · 41 views

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

7.5 CVSS · 6.9 AI score · 0.01438 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2020/02/27 12:0 a.m. · 2 views

The vulnerability of the __zzipFetchFetchDiskTrailer function in the ZZIPlib library allows a hacker to trigger a service failure.

The vulnerability of the zzipfetchdisktrailer function in the ZZIPlib compression library is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially created zip file...

7.1 CVSS · 6.2 AI score · 0.02285 EPSS
Exploits 1 · References 6 · Affected Software 3

BDU FSTEC
added 2020/02/27 12:0 a.m. · 2 views

The vulnerability of the zzip_disk_findfirst function in the ZZIPlib compression library, which stems from incorrect calculation of buffer size, allows a hacker to cause a service failure.

The vulnerability of the zzip_disk_findfirst function in the ZZIPlib compression library is related to incorrect calculation of buffer size. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using a specially created zip file...

7.1 CVSS · 6.4 AI score · 0.02305 EPSS
Exploits 1 · References 6 · Affected Software 3

OpenVAS
added 2020/01/30 12:0 a.m. · 96 views

Debian: Security Advisory (DLA-2085-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 9.9 AI score · 0.07489 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2020/01/30 12:0 a.m. · 215 views

Debian DLA-2085-1 : zlib security update

Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointer arithmetic. For Debian 8 'Jessie', these problems have been fixed in version 1:1.2.8.dfsg-2+deb8u1. We recomme...

9.8 CVSS · 7.3 AI score · 0.07489 EPSS
Exploits 0 · References 6