17 matches found
JLSEC-2026-479
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CentOS 9 : zlib-1.2.11-41.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the zlib-1.2.11-41.el9 build changelog. - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment...
EulerOS Virtualization 2.11.0 : binutils (EulerOS-SA-2024-1424)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a lon...
EulerOS Virtualization 2.11.0 : zlib (EulerOS-SA-2024-1437)
According to the versions of the zlib package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long...
EulerOS Virtualization 2.10.0 : zlib (EulerOS-SA-2024-1394)
According to the versions of the zlib package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2024-1375)
The remote host is missing an update for the Huawei EulerOS...
Updated zlib packages fix a security vulnerability
The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. CVE-2023-45853...
CLSA-2023-1698179598 Fix CVE(s): CVE-2023-45853
SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip4_64 - CVE-2023-45853...
CLSA-2023-1698179235 Fix CVE(s): CVE-2023-45853
SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip4_64 - CVE-2023-45853...
Buffer Overflow
libz.so is vulnerable to Buffer Overflow. The vulnerability is present due to the absence of length checks in the filename, extrafield, and comment parameters within the zip.c. This oversight enables an attacker to trigger an integer overflow, leading to a heap-based buffer overflow in the...
OESA-2023-1751 zlib security update
Zlib is a free, general-purpose, not covered by any patents, lossless data-compression library for use on virtually any computer hardware and operating system. The zlib data format is itself portable across platforms. Security Fixes: MiniZip in zlib through 1.3 has an integer overflow and resulta...
GHSA-MQ29-J5XF-CJWR pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. pyminizip uses version 1.2.11 of zlib's code...
DEBIAN-CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2023-45853
CVE-2023-45853 affects MiniZip in zlib up to version 1.3, with an integer overflow that leads to a heap-based buffer overflow in zipOpenNewFileInZip4_64 when processing long filename, comment, or extra field. Pyminizip (up to 0.2.6) is also vulnerable as it bundles this zlib/MiniZip code. Connect...
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...