• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

JZLib Denial Of Service Vulnerability

JZlib is a re-implementation of the zlib compression library, written entirely in Java. It can be used on most Unix and Linux variants, as well as Microsoft Windows operating systems.

It is possible to crash JZlib with a specially-crafted block of invalid deflated data. This causes a NullPointerException to be thrown. This may cause a denial of service to applications which use the library.

It has not been determined whether this issue may be exploited to execute arbitrary code. Though the possibility seems unlikely.