CNNVD-202601-1150 Information

CNNVD ID

CNNVD-202601-1150

Related CVE

CVE-2026-22184

• CNNVD Published: 2026-01-07

Description (Chinese)

zlib是美国Mark Adler个人开发者的一个通用的数据压缩库。 zlib 1.3.1.2及之前版本存在缓冲区错误漏洞，该漏洞源于TGZfname函数存在全局缓冲区溢出，可能导致内存损坏、拒绝服务或代码执行。

Description (English)

zlib is a common data compressor for Mark Adler in the United States. There is a buffer zone error loophole in the zlib 1.3.1.2 and earlier versions, which stems from the TTZfname function ’ s presence of a global buffer zone spill, which may lead to memory damage, denial of service or code execution.

Hazard Level

Low

Vulnerability Type

缓冲区错误

Affected Vendor

个人开发者

Published

2026-01-07

Last Modified

2026-02-24

References

https://seclists.org/fulldisclosure/2026/Jan/3 https://zlib.net/ https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname https://github.com/madler/zlib https://github.com/madler/zlib/issues/1142