A vulnerability has been reported in zlib, which can be exploited by malicious people to conduct a DoS (Denial of Service) against a vulnerable application or potentially execute arbitrary code.
The vulnerability is caused by a boundary error in inftrees.c when handling corrupted compressed data streams. This can be exploited to crash any application that uses the zlib library, or potentially to execute arbitrary code with the privileges of the vulnerable application.
The vulnerability has been reported in version 1.2.2. Prior versions may also be affected.
Solution: Update to version 1.2.3.
Provided and/or discovered by: Tavis Ormandy, Gentoo Linux Security Audit Team.
Original Advisory: Gentoo:
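Because zlib is often linked statically or bundled, updating the system library does not update every copy in use. The following added example (not part of the original advisory) compares zlib version strings against the fixed release 1.2.3, checks the zlib that a Python interpreter is using, and flags entries in an inventory; the function names and the sample inventory are constructed for illustration.

```python
import re
import zlib

FIXED_RELEASE = (1, 2, 3)  # the version the advisory says to update to

def parse_zlib_version(text):
    """Leading dotted-numeric part of a zlib version string, as a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if m is None:
        raise ValueError(f"unrecognised zlib version string: {text!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "1.2" to (1, 2, 0)

def below_fixed_release(text):
    """True when the version sorts before 1.2.3."""
    return parse_zlib_version(text) < FIXED_RELEASE

def audit_interpreter():
    """Check the zlib this Python was built against and the one loaded at run time."""
    found = {"compiled": zlib.ZLIB_VERSION, "runtime": zlib.ZLIB_RUNTIME_VERSION}
    return {k: (v, below_fixed_release(v)) for k, v in found.items()}

def flag_inventory(entries):
    """Return the (component, version) pairs that still need the update."""
    flagged = []
    for component, version in entries:
        try:
            if below_fixed_release(version):
                flagged.append((component, version))
        except ValueError:
            flagged.append((component, version))  # unknown version: review by hand
    return flagged

# Constructed sample inventory of bundled zlib copies (not from the advisory).
SAMPLE_INVENTORY = [
    ("image-viewer (static)", "1.2.2"),
    ("backup-agent (static)", "1.1.4"),
    ("web-server (shared)", "1.2.3"),
    ("updater (shared)", "1.2.11"),
    ("legacy-tool (static)", "unknown"),
]

if __name__ == "__main__":
    print(audit_interpreter())
    for component, version in flag_inventory(SAMPLE_INVENTORY):
        print(f"needs update or review: {component} zlib {version}")
```

A version string is only a first filter: a vendor may ship a patched build under an older version number, so confirm flagged entries against the vendor's own advisory.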