CVE-2016-9842

CWE-133518 documents10 sources
Severity
8.8HIGH
EPSS
12.1%
top 6.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
19
Apple Iphone OSApple MAC OS XApple Tvos+16 more
Timeline
PublishedMay 23
Latest updateMay 13

Description

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages19 packages

NVDzlib/zlib1.2.3.41.2.9
Debianzlib< 1:1.2.8.dfsg-3+3
Ubuntuzlib< 1:1.2.8.dfsg-2ubuntu4.3
NVDapple/tvos< 11.0
NVDapple/watchos< 4

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, Enterprise Linux 7.4, 7.5

Patches

Patch: www.openwall.comPatch: bugzilla.redhat.comPatch: github.com

🔴Vulnerability Details

5
GHSA
GHSA-3686-jjcf-4w27: The inflateMark function in inflate2022-05-13
OSV
rsync vulnerabilities2020-02-25
OSV
zlib vulnerabilities2020-01-22
OSV
CVE-2016-9842: The inflateMark function in inflate2017-05-23
CVEList
CVE-2016-9842: The inflateMark function in inflate2017-05-23

📋Vendor Advisories

9
Ubuntu
rsync vulnerabilities2020-02-25
Ubuntu
zlib vulnerabilities2020-01-22
Apple
CVE-2016-9842: macOS High Sierra 10.132017-09-25
Apple
CVE-2016-9842: watchOS 42017-09-19
Apple
CVE-2016-9842: iOS 112017-09-19

💬Community

3
Bugzilla
CVE-2016-9842 zlib: Undefined left shift of negative number2016-12-07
Bugzilla
CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 zlib: various flaws [fedora-all]2016-12-07
Bugzilla
CVE-2014-9842 ImageMagick: memory leak in psd handling2016-06-07