CVE-2005-2096
published 2005-07-06

Priority: P4 · 30 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 5.48% (91.8th percentile)

zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Affected

41 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aide | aide | >= 0 < 0.10-6.1.1 | 0.10-6.1.1 |
| aide | aide | >= 0 < 0.10-6.1.1 | 0.10-6.1.1 |
| aide | aide | >= 0 < 0.10-6.1.1 | 0.10-6.1.1 |
| aide | aide | >= 0 < 0.10-6.1.1 | 0.10-6.1.1 |
| bacula | bacula | >= 0 < 1.36.3-2 | 1.36.3-2 |
| bacula | bacula | >= 0 < 1.36.3-2 | 1.36.3-2 |
| bacula | bacula | >= 0 < 1.36.3-2 | 1.36.3-2 |
| bacula | bacula | >= 0 < 1.36.3-2 | 1.36.3-2 |
| debian | aide | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | bacula | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | dar | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | dpkg | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | dpkg | >= 0 < 1.13.11 | 1.13.11 |
| debian | dpkg | >= 0 < 1.13.11 | 1.13.11 |
| debian | dpkg | >= 0 < 1.13.11 | 1.13.11 |
| debian | dpkg | >= 0 < 1.13.11 | 1.13.11 |
| debian | dump | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | libphysfs | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | mrtg | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | pvpgn | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | rpm | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | rsync | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | sash | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | texmacs | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |
| debian | zlib | < aide 0.10-6.1.1 (bookworm) | aide 0.10-6.1.1 (bookworm) |

CVSS provenance

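| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |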