apk package
chainguard/zlib-dev
pkg:apk/chainguard/zlib-dev
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27171 | — | < 1.3.2-r0 | 1.3.2-r0 | Feb 18, 2026 | zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. | ||
| CVE-2023-45853 | — | < 1.3-r1 | 1.3-r1 | Oct 14, 2023 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable becaus | ||
| CVE-2022-37434 | — | < 1.2.13-r1 | 1.2.13-r1 | Aug 5, 2022 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t | ||
| CVE-2018-25032 | — | < 1.2.13-r1 | 1.2.13-r1 | Mar 25, 2022 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
- CVE-2026-27171Feb 18, 2026affected < 1.3.2-r0fixed 1.3.2-r0
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
- CVE-2023-45853Oct 14, 2023affected < 1.3-r1fixed 1.3-r1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable becaus
- CVE-2022-37434Aug 5, 2022affected < 1.2.13-r1fixed 1.2.13-r1
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t
- CVE-2018-25032Mar 25, 2022affected < 1.2.13-r1fixed 1.2.13-r1
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.