Severity: Unknown
Affected Package: zlib
Summary: zlib heap buffer over-read/overflow in inflate() via large gzip header extra field
zlib through 1.2.12 had a heap-based buffer over-read or buffer overflow in inflate() in inflate.c via a large gzip header extra field. Applications that use inflateGetHeader() to process untrusted gzip data with a large extra field could be affected. Fixed on the current branch in 2.2.4 and on the older 1.2.x branch in 1.2.11.
No specific recommendations provided.
Aliases: CVE-2022-37434
Published: August 30, 2022
Last Modified: August 30, 2022
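A pre-check that an application could run on untrusted input before passing it to inflateGetHeader() and inflate(), given here as an added example that is not part of the original advisory or of zlib's code: it reads the gzip member header as laid out in RFC 1952 and refuses streams whose declared extra field exceeds a limit. The function name, result codes, the `max_extra` limit and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { GZ_OK = 0, GZ_NOT_GZIP = -1, GZ_TRUNCATED = -2, GZ_EXTRA_TOO_LARGE = -3 };

/* Constructed sample headers (not captured data): ID1 ID2 CM FLG MTIME[4] XFL OS ... */
static const uint8_t SAMPLE_NO_EXTRA[] = {0x1f,0x8b,8,0x00, 0,0,0,0, 0,3};
static const uint8_t SAMPLE_SMALL[]    = {0x1f,0x8b,8,0x04, 0,0,0,0, 0,3,
                                          0x04,0x00, 'A','B',0x00,0x00};
static const uint8_t SAMPLE_LARGE[]    = {0x1f,0x8b,8,0x04, 0,0,0,0, 0,3,
                                          0x00,0x04};   /* declares XLEN = 1024 */

/*
 * Read the gzip member header (RFC 1952) without calling zlib and report the
 * declared extra-field length in *xlen (0 when FEXTRA is clear).
 * max_extra is a hypothetical application policy limit, not a zlib parameter.
 */
int gzip_extra_check(const uint8_t *buf, size_t len, size_t max_extra, size_t *xlen)
{
    *xlen = 0;
    if (len < 10) return GZ_TRUNCATED;                 /* fixed header is 10 bytes */
    if (buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8) return GZ_NOT_GZIP;
    if (!(buf[3] & 0x04)) return GZ_OK;                /* FLG.FEXTRA (bit 2) clear */
    if (len < 12) return GZ_TRUNCATED;                 /* XLEN itself is missing */
    *xlen = (size_t)buf[10] | ((size_t)buf[11] << 8);  /* XLEN is little-endian */
    /* Reject on the declared length first, so an over-limit field is refused
       even when only the start of the stream has arrived. */
    if (*xlen > max_extra) return GZ_EXTRA_TOO_LARGE;
    if (len - 12 < *xlen) return GZ_TRUNCATED;         /* need more input */
    return GZ_OK;
}

int main(void)
{
    size_t xlen;
    int rc = gzip_extra_check(SAMPLE_NO_EXTRA, sizeof SAMPLE_NO_EXTRA, 256, &xlen);
    printf("no extra:    rc=%d xlen=%zu\n", rc, xlen);
    rc = gzip_extra_check(SAMPLE_SMALL, sizeof SAMPLE_SMALL, 256, &xlen);
    printf("small extra: rc=%d xlen=%zu\n", rc, xlen);
    rc = gzip_extra_check(SAMPLE_LARGE, sizeof SAMPLE_LARGE, 256, &xlen);
    printf("large extra: rc=%d xlen=%zu\n", rc, xlen);
    return 0;
}
```

The check inspects only the first gzip member of a stream; concatenated members each carry their own header and would need the same inspection.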