CVE-2005-1849

Published: 26/07/2005 | Updated: 22/06/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

inftrees.h in zlib 1.2.2 allows remote malicious users to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

Vulnerable Product

zlib zlib 1.2.2

Vendor Advisories

Synopsis: zlib security update. Type/Severity: Security Advisory: Important. Topic: Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: Zl ...
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams ...
USN-148-1 fixed an improper input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary ...
zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package. There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_033-1sarge12, has been prepared to correct this error. The packages for other architect ...
Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when openi ...
Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. This problem does not affect the old stable distribution (woody). For the current stable distribution (sarge), this problem has been fixe ...

References

NVD-CWE-Other
http://www.debian.org/security/2005/dsa-763
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
http://www.debian.org/security/2005/dsa-797
http://www.ubuntulinux.org/usn/usn-151-3
http://www.securityfocus.com/bid/14340
http://www.osvdb.org/18141
http://securitytracker.com/id?1014540
http://secunia.com/advisories/16137
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
http://secunia.com/advisories/18377
http://www.redhat.com/support/errata/RHSA-2005-584.html
http://secunia.com/advisories/17326
http://secunia.com/advisories/17516
http://www.debian.org/security/2006/dsa-1026
http://secunia.com/advisories/19550
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
http://secunia.com/advisories/19334
http://www.novell.com/linux/security/advisories/2005_43_zlib.html
http://secunia.com/advisories/19597
http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
http://secunia.com/advisories/24788
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://secunia.com/advisories/31492
http://www.vupen.com/english/advisories/2007/1267
https://exchange.xforce.ibmcloud.com/vulnerabilities/21456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402
http://www.securityfocus.com/archive/1/464745/100/0/threaded
https://access.redhat.com/errata/RHSA-2005:584
https://nvd.nist.gov
https://usn.ubuntu.com/151-2/