{"vuid":"VU#680620","idnumber":"680620","name":"zlib inflate() routine vulnerable to buffer overflow","keywords":["zlib","buffer overflow","inflate function","specially crafted file","denial of service"],"overview":"A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate.","clean_desc":"There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate() routine. If an attacker supplies the inflate() routine with a specially crafted compressed data stream, that attacker may be able to trigger the buffer overflow, causing any application linked to zlib, or incorporating zlib code, to crash. According to reports, the buffer overflow is caused by a specific input stream and results in a constant value being written into an arbitrary memory location. This vulnerability may be exploited locally or remotely depending on the application being attacked. This vulnerability only affects zlib versions 1.2.1 and 1.2.2.","impact":"A remote attacker may be able to exploit this vulnerability by supplying the inflate() routine with specially crafted compressed data. As a result, applications linked to the zlib library may abruptly and abnormally terminate, resulting in a denial-of-service condition. According to public reports, this vulnerability can be exploited to execute arbitrary code, but we have not confirmed this.","resolution":"Apply patches from your vendor. The zlib compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. 
Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Mark Adler.","author":"This document was written by Jeff Gennari.","public":["ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc","https://rhn.redhat.com/errata/RHSA-2005-569.html","http://secunia.com/advisories/15949/","http://dev.gentoo.org/~taviso/blog/#e2005-07-21T17_24_15.txt","http://secunia.com/advisories/24788","http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=3616065","http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=9916286"],"cveids":["CVE-2005-2096"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-07-05T18:41:35Z","publicdate":"2005-07-02T00:00:00Z","datefirstpublished":"2005-07-07T18:37:52Z","dateupdated":"2007-04-05T12:45:42Z","revision":83,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"18","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"14","cam_scorecurrent":"9.45","cam_scorecurrentwidelyknown":"11.34","cam_scorecurrentwidelyknownexploited":"18.9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.45,"vulnote":null}