Fluid Attacks Database

Description

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	zlib	>=0 <1:1.1.4-10	1:1.1.4-10
debian 11	zlib	>=0 <1:1.1.4-10	1:1.1.4-10
debian 13	zlib	>=0 <1:1.1.4-10	1:1.1.4-10
debian 14	zlib	>=0 <1:1.1.4-10	1:1.1.4-10

Aliases

1. CVE-2003-01072. NVD-2003-01073. OSV-DEBIAN-2003-01074. OSV-2003-01075. SECURITY-TRACKER-CVE-2003-0107

References

1. https://www.exploit-db.com/exploits/222732. https://www.exploit-db.com/exploits/22274

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.