zlib versions 1.2.1 and 1.2.2
Description: zlib is a popular compression library that is widely used by programs across all operating systems, including Linux, Mac OS and Windows. This library contains a buffer overflow that can be triggered by a specially crafted compressed file. An attacker who can deliver such a crafted file to a program using zlib may exploit the overflow to execute arbitrary code. For example, a web server can set the "Content-Encoding" HTTP header to gzip, which may lead to an overflow in a browser that uses the zlib library. The technical details required to craft a malicious file may be obtained by examining the patch.
Status: The vendor will release an official update soon. Many Linux vendors have already provided updates. A list of applications that use
zlib can be found at:
Many of these applications may require an update from the corresponding vendor.
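
Because many applications ship their own copy of zlib, updating the system library does not cover them. The following added example (not part of the original advisory) scans binary files for the copyright string that zlib's inflate and deflate sources embed, and reports files carrying one of the two versions listed above. It assumes the string was not stripped from the binary; the sample byte strings are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Versions the advisory lists as affected.
AFFECTED = {"1.2.1", "1.2.2"}

# zlib's inflate/deflate sources embed a copyright string such as
# " inflate 1.2.2 Copyright 1995-2004 Mark Adler ", which survives
# static linking. Assumption: the binary has not had it removed.
BANNER = re.compile(rb"(inflate|deflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4}")


def embedded_zlib_versions(data):
    """Return every zlib version string found in a binary image."""
    return {m.group(2).decode("ascii") for m in BANNER.finditer(data)}


def affected_versions(data):
    """Return the embedded versions that the advisory lists as affected."""
    return embedded_zlib_versions(data) & AFFECTED


def scan(paths):
    """Yield (path, sorted affected versions) for each readable file with a hit."""
    for p in paths:
        try:
            hits = affected_versions(Path(p).read_bytes())
        except OSError:
            continue  # unreadable file or directory: skip it
        if hits:
            yield p, sorted(hits)


# Constructed sample: bytes shaped like a binary that bundles zlib 1.2.2.
SAMPLE_VULNERABLE = (
    b"\x7fELF\x00\x00 inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00"
    b" deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly \x00"
)
# Constructed sample: same layout with a version the advisory does not list.
SAMPLE_OTHER = b"\x7fELF\x00 inflate 1.2.3 Copyright 1995-2005 Mark Adler \x00"

if __name__ == "__main__":
    for path, versions in scan(sys.argv[1:]):
        print(f"{path}: bundles zlib {', '.join(versions)}")
```

Pass the files to inspect as arguments. A file with no hit may still use zlib through a shared library, so check the installed library version separately.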