CVE-2005-1849 — Zlib vulnerability

12 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

8.0%

top 7.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zlib Debian Sash Debian Zlib +1 more

Timeline

PublishedJul 26

Latest updateMay 3

Description

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/zlib< sash 3.7-5sarge1 (bookworm)

▶Debianzlib/zlib< 1:1.2.3-1+3

▶NVDzlib/zlib1.2.2

▶debiandebian/sash< sash 3.7-5sarge1 (bookworm)

▶debiandebian/zsync< sash 3.7-5sarge1 (bookworm)

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-mm7q-95r6-v3v2: inftrees↗2022-05-03

▶

OSV

CVE-2005-1849: inftrees↗2005-07-26

▶

CVEList

CVE-2005-1849: inftrees↗2005-07-26

▶

📋Vendor Advisories

Ubuntu

rpm vulnerability↗2005-11-09

▶

Ubuntu

zlib vulnerabilities↗2005-10-29

▶

Red Hat

zlib DoS↗2005-08-20

▶

Ubuntu

zlib vulnerabilities↗2005-07-23

▶

Ubuntu

zlib vulnerability↗2005-07-21

▶

💬Community

Bugzilla

CVE-2005-1849 zlib DoS↗2008-01-29

▶