Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zlib vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-0851
FileZilla FTP server prior to 0.9.6, when using MODE Z (zlib compression), allows remote malicious users to cause a denial of service (infinite loop) via certain file uploads or directory listings.
Filezilla-project Filezilla Server
5.5
CVSSv3
CVE-2017-7609
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote malicious users to cause a denial of service (memory consumption) via a crafted ELF file.
Elfutils Project Elfutils 0.168
6.5
CVSSv3
CVE-2023-3255
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is ...
Qemu Qemu
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
NA
CVE-2011-0015
Tor prior to 0.2.1.29 and 0.2.2.x prior to 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote malicious users to cause a denial of service via a large compression factor.
Tor Tor 0.2.1.11
Tor Tor 0.2.1.12
Tor Tor 0.2.1.17
Tor Tor 0.2.1.19
Tor Tor 0.2.1.20
Tor Tor 0.2.1.25
Tor Tor 0.2.1.27
Tor Tor 0.2.1.8
Tor Tor 0.2.0.31
Tor Tor 0.2.0.32
Tor Tor 0.2.0.28
Tor Tor 0.2.0.25
Tor Tor 0.2.0.27
Tor Tor 0.2.0.16
Tor Tor 0.2.0.18
Tor Tor 0.2.0.8
Tor Tor 0.2.0.11
Tor Tor 0.2.0.1
Tor Tor 0.2.0.3
Tor Tor 0.1.2.13
Tor Tor 0.1.2.5
Tor Tor 0.1.2.11
7.8
CVSSv3
CVE-2023-35989
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
Tonybybell Gtkwave 3.3.115
7.8
CVSSv3
CVE-2023-38657
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
Tonybybell Gtkwave 3.3.115
NA
CVE-2015-7054
zlib in the Compression component in Apple iOS prior to 9.2, OS X prior to 10.11.2, tvOS prior to 9.1, and watchOS prior to 2.1 does not initialize memory for an unspecified data structure, which allows remote malicious users to execute arbitrary code via a crafted web site.
Apple Iphone Os
Apple Mac Os X
Apple Watchos
Apple Tvos
NA
CVE-2011-2174
Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x prior to 1.2.17 and 1.4.x prior to 1.4.7 allows remote malicious users to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression.
Wireshark Wireshark 1.2.10
Wireshark Wireshark 1.2.8
Wireshark Wireshark 1.2.13
Wireshark Wireshark 1.2.5
Wireshark Wireshark 1.2.7
Wireshark Wireshark 1.2.6
Wireshark Wireshark 1.2.3
Wireshark Wireshark 1.2.0
Wireshark Wireshark 1.2.16
Wireshark Wireshark 1.2.12
Wireshark Wireshark 1.2.11
Wireshark Wireshark 1.2.4
Wireshark Wireshark 1.2.1
Wireshark Wireshark 1.2.9
Wireshark Wireshark 1.2
Wireshark Wireshark 1.2.14
Wireshark Wireshark 1.2.2
Wireshark Wireshark 1.2.15
Wireshark Wireshark 1.4.3
Wireshark Wireshark 1.4.2
Wireshark Wireshark 1.4.1
Wireshark Wireshark 1.4.0
5.5
CVSSv3
CVE-2015-8721
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x prior to 1.12.9 and 2.0.x prior to 2.0.1 allows remote malicious users to cause a denial of service (application crash) via a crafted packet with zlib compression.
Wireshark Wireshark 1.12.4
Wireshark Wireshark 1.12.5
Wireshark Wireshark 1.12.0
Wireshark Wireshark 1.12.2
Wireshark Wireshark 1.12.1
Wireshark Wireshark 1.12.7
Wireshark Wireshark 1.12.6
Wireshark Wireshark 1.12.3
Wireshark Wireshark 1.12.8
7.5
CVSSv3
CVE-2018-14340
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
Wireshark Wireshark
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »