Sign in Get started

← All vendors

Vendor

Zlib

Sign in to watch

Products

2

CVEs

8

Across products

10

Status

Private

Products

2

Zlib
8 CVEs
Pigz
2 CVEs

Recent CVEs

8

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2002-0059	Cri	0.66	9.8	0.29		Mar 15, 2002	The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVE-2003-0107		0.06	—	0.36		Mar 7, 2003	Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
CVE-2005-2096		0.03	—	0.43		Jul 6, 2005	zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
CVE-2005-1849		0.01	—	0.08		Jul 26, 2005	inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
CVE-2026-27171		0.00	—	0.00		Feb 18, 2026	zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
CVE-2015-1191		0.00	—	0.00		Jan 21, 2015	Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
CVE-2013-0296		0.00	—	0.00		Apr 27, 2014	Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
CVE-2004-0797		0.00	—	0.02		Oct 20, 2004	The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).