MNBSD-2022-4: zlib out-of-bounds access in deflate() with the Z_FIXED strategy

Severity: Unknown

Affected Package: zlib

Summary: zlib out-of-bounds access in deflate() with the Z_FIXED strategy

Description

zlib before 1.2.12 contained a bug in the deflate implementation: when using the Z_FIXED strategy (or a compression level that selects it) with a specific memLevel, deflate could perform out-of-bounds accesses, leading to memory corruption. MidnightBSD imported zlib 1.2.12 to correct this.

Affected Versions

zlib

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2018-25032

Published: April 06, 2022
Last Modified: April 06, 2022