• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Zlib Compression Library Decompression Buffer Overflow Vulnerability

Zlib is prone to a buffer-overflow vulnerability because it fails to properly handle unexpected input to its decompression routines.

Certain values used during decompression are incorrectly specified, allowing invalid inflate input to corrupt memory.

Exploiting this vulnerability allows attackers to crash applications that use the affected library and potentially execute arbitrary code in the context of an affected application.