zlib: Buffer overflow
Gentoo Linux Security Advisory
||GLSA 200507-05 / zlib
||July 06, 2005
||July 06, 2005: 01
All supported architectures
A buffer overflow has been discovered in zlib, potentially resulting in the
execution of arbitrary code.
zlib is a widely used free and patent unencumbered data
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
buffer overflow in zlib. A bounds checking operation failed to take
invalid data into account, allowing a specifically malformed deflate
data stream to overrun a buffer.
An attacker could construct a malformed data stream, embedding it
within network communication or an application file format, potentially
resulting in the execution of arbitrary code when decoded by the
application using the zlib library.
There is no known workaround at this time.
All zlib users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.2-r1"