Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-2096

Published: 06/07/2005 Updated: 22/06/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Zlib

Vulnerability Summary

zlib 1.2 and later versions allows remote malicious users to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zlib zlib 1.2.1

zlib zlib 1.2.0

zlib zlib 1.2.2

Vendor Advisories

Red Hat: zlib security update
Synopsis zlib security update Type/Severity Security Advisory: Important Topic Updated Zlib packages that fix a buffer overflow are now available for RedHat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Security Response Team Description Zl ...
Ubuntu Security Notice: dpkg, ia32-libs, amd64-libs vulnerabilities
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams ...
Ubuntu Security Notice: zlib vulnerability
Tavis Ormandy discovered that zlib did not properly verify data streams Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash Specially crafted input might even have allowed arbitrary code execution ...
Ubuntu Security Notice: aide vulnerabilities
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams ...
Ubuntu Security Notice: rpm vulnerability
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams ...
Debian Security Advisories: DSA-797-2 zsync -- denial of service
zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package There was a build error for the sarge i386 proftpd packages released in DSA 797-1 A new build, zsync_033-1sarge12, has been prepared to correct this error The packages for other architect ...
Debian Security Advisories: DSA-740-1 zlib -- remote denial of service
An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file This problem does not affect the old stable distribution (woody) For the stable distribution (sarge), this problem has been fixed in version 122-4sarge1 For the unstable distribution, this prob ...
Debian Security Advisories: DSA-1026-1 sash -- buffer overflows
Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input This flaw can cause programs which use zlib to crash when opening an invalid file A further error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when openi ...

References

NVD-CWE-Otherhttp://www.debian.org/security/2005/dsa-740http://www.redhat.com/support/errata/RHSA-2005-569.htmlhttp://security.gentoo.org/glsa/glsa-200507-05.xmlhttp://www.securityfocus.com/bid/14162http://securitytracker.com/id?1014398http://secunia.com/advisories/15949http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680http://www.gentoo.org/security/en/glsa/glsa-200509-18.xmlhttp://www.debian.org/security/2005/dsa-797https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.aschttp://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1http://www.kb.cert.org/vuls/id/680620http://www.ubuntulinux.org/usn/usn-151-3ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txthttp://secunia.com/advisories/18406http://secunia.com/advisories/18377http://secunia.com/advisories/17054http://secunia.com/advisories/17225http://secunia.com/advisories/17236http://secunia.com/advisories/17326http://secunia.com/advisories/17516http://secunia.com/advisories/19550http://www.debian.org/security/2006/dsa-1026http://support.avaya.com/elmodocs2/security/ASA-2006-016.htmhttp://secunia.com/advisories/18507http://secunia.com/advisories/19597http://www.vmware.com/support/vi3/doc/esx-3616065-patch.htmlhttp://www.vmware.com/support/vi3/doc/esx-9916286-patch.htmlhttp://secunia.com/advisories/24788http://www.mandriva.com/security/advisories?name=MDKSA-2005:112http://www.mandriva.com/security/advisories?name=MDKSA-2005:196http://www.mandriva.com/security/advisories?name=MDKSA-2006:070http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.htmlhttp://support.apple.com/kb/HT3298http://www.redhat.com/support/errata/RHSA-2008-0629.htmlhttp://secunia.com/advisories/31492http://www.vupen.com/english/advisories/2007/1267http://www.vupen.com/english/advisories/2006/0144http://www.vupen.com/english/advisories/2005/0978http://secunia.com/advisories/32706https://exchange.xforce.ibmcloud.com/vulnerabilities/24064https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500https://usn.ubuntu.com/148-1/http://www.securityfocus.com/archive/1/482950/100/0/threadedhttp://www.securityfocus.com/archive/1/482949/100/0/threadedhttp://www.securityfocus.com/archive/1/482601/100/0/threadedhttp://www.securityfocus.com/archive/1/482571/100/0/threadedhttp://www.securityfocus.com/archive/1/482505/100/0/threadedhttp://www.securityfocus.com/archive/1/482503/100/0/threadedhttp://www.securityfocus.com/archive/1/464745/100/0/threadedhttp://www.securityfocus.com/archive/1/421411/100/0/threadedhttps://access.redhat.com/errata/RHSA-2005:569https://nvd.nist.govhttps://usn.ubuntu.com/151-2/https://www.kb.cert.org/vuls/id/680620
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook