Computer Security
[EN] securityvulns.ru no-pyccku


zlib compression library DoS
updated since 06.07.2005
Published:30.10.2007
Source:
SecurityVulns ID:4963
Type:library
Threat Level:
6/10
Description:DoS on invalid data stream (including ones of PNG files).
Affected:CVS : CVS 1.12
 QT : qt 3.3
 ZLIB : zlib 1.2
 ZSYNC : zsync 0.3
 SUN : Network Security Services 3.10
 sash : sash 3.7
 CURL : curl 7.17
 GSVIEW : GSview 4.8
CVE:CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.)
Original documentdocumentStefan Kanthak, Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) (30.10.2007)
 documentStefan Kanthak, Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (19.10.2007)
 documentStefan Kanthak, Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) (19.10.2007)
 documentSECUNIA, zsync Multiple zlib Vulnerabilities (03.09.2005)
 documentSUSE, SUSE Security Announcement: zlib denial of service attack (SUSE-SA:2005:039) (06.07.2005)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod