CVE-2018-25032 — Out-of-bounds Write in Zlib

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer28 documents12 sources

Severity

7.5HIGHNVD

OSV8.8

EPSS

0.1%

top 74.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zlib Apple MAC OS X Apple Macos +16 more

Timeline

PublishedMar 25

Latest updateJul 9

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages19 packages

▶NVDzlib/zlib1.2.2.2 — 1.2.12

▶Debianzlib/zlib< 1:1.2.11.dfsg-2+deb11u1+3

▶NVDapple/macos11.0 — 11.6.6+1

▶NVDpython/python3.7.0 — 3.7.14+3

▶NVDapple/mac_os_x10.15 — 10.15.7+1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35, 36

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

klibc vulnerabilities↗2024-05-23

▶

OSV

klibc vulnerabilities↗2024-04-16

▶

GHSA

Out-of-bounds Write in zlib affects Nokogiri↗2022-04-11

▶

OSV

Out-of-bounds Write in zlib affects Nokogiri↗2022-04-11

▶

OSV

Nokogiri affected by zlib's Out-of-bounds Write vulnerability↗2022-03-26

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS↗2025-07-09

▶

Ubuntu

klibc vulnerabilities↗2024-05-23

▶

Ubuntu

klibc vulnerabilities↗2024-04-16

▶

Oracle

Oracle Oracle Siebel CRM Risk Matrix: Siebel Core (zlib) — CVE-2018-25032↗2023-07-15

▶

Oracle

Oracle Oracle Database Server Risk Matrix: Oracle Database (zlib) — CVE-2018-25032↗2023-01-15

▶