CVE Tools

zlib

OSS Librariesoss-project

8

Cumulative CVEs

3

Monthly snapshots

#93

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting zlib.

CVE-2026-27171zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.2.9Feb 18, 2026
CVE-2026-22184zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()9.8Jan 7, 2026
CVE-2023-45853MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supporte...9.8Oct 14, 2023
CVE-2022-37434zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected...9.8Aug 5, 2022
CVE-2018-25032zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.7.5Mar 25, 2022
CVE-2016-9842The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.8.8May 23, 2017
CVE-2016-9843The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.9.8May 23, 2017
CVE-2016-9841inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.9.8May 23, 2017
CVE-2016-9840inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.8.8May 23, 2017
CVE-2015-1191Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.5.0Jan 21, 2015
CVE-2013-0296Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow loc...4.4Apr 27, 2014
CVE-2005-1849inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.5.0Jul 26, 2005
CVE-2005-2096zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads ...7.5Jul 6, 2005
CVE-2004-0797The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).2.1Sep 14, 2004
CVE-2003-0107Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or p...7.5Sep 1, 2004