CVE-2005-2096

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 19 years ago (2005-07-06 04:00:00)

Last updated 6 years ago (2018-10-19 15:32:00)

Affected Software

GNU zlib 1.2 (1.2.0)

GNU zlib 1.2.1 (1.2.1)

GNU zlib 1.2.2 (1.2.2)

References

FreeBSD-SA-05:16.zlib

SCOSA-2006.6

APPLE-SA-2008-11-13

APPLE-SA-2005-08-17

Vendor Advisory

APPLE-SA-2005-08-15

15949

Patch, Vendor Advisory

17054

17225

17236

17326

17516

18377

18406

18507

19550

19597

24788

31492

32706

GLSA-200507-05

Patch, Vendor Advisory

1014398

Vendor Advisory

101989

Patch, Vendor Advisory

http://support.apple.com/kb/HT3298

http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm

DSA-740

Patch, Vendor Advisory

DSA-797

Patch, Vendor Advisory

DSA-1026

GLSA-200509-18

Patch, Vendor Advisory

VU#680620

Third Party Advisory, US Government Resource

MDKSA-2005:112

MDKSA-2005:196

MDKSA-2006:070

RHSA-2005:569

Patch, Vendor Advisory

RHSA-2008:0629

HPSBUX02090

20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)

20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)

20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)

20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)

20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)

20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)

14162

Patch

USN-151-3

http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html

http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html

ADV-2005-0978

ADV-2006-0144

ADV-2007-1267

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391

Vendor Advisory

FLSA:162680

Vendor Advisory

hpux-secure-shell-dos(24064)

oval:org.mitre.oval:def:11500

oval:org.mitre.oval:def:1262

oval:org.mitre.oval:def:1542

USN-148-1
