CVE-2002-0059 Information

Description

The decompression algorithm in zlib 1.1.3 and earlier as used in many different utilities and packages causes inflateEnd to release certain memory more than once (a \double free) which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Reference

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022 http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt http://www.cert.org/advisories/CA-2002-07.html http://www.debian.org/security/2002/dsa-122 http://www.kb.cert.org/vuls/id/368819 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 http://www.redhat.com/support/errata/RHSA-2002-026.html http://www.redhat.com/support/errata/RHSA-2002-027.html http://www.securityfocus.com/bid/4267 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8427