oss-sec mailing list archives
zlib memory corruption on deflate (i.e. compress)
From: Tavis Ormandy <taviso () gmail com>
Date: Wed, 23 Mar 2022 20:49:49 -0700
Greetings list, I was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs. I reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as I know, nobody ever assigned it a CVE. https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 As far as I can tell, no distros have picked this up. Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger taviso () sdf org _\_V _( ) _( ) @taviso
Current thread:
- zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 23)
- Re: zlib memory corruption on deflate (i.e. compress) Petr Štetiar (Mar 24)
- Re: zlib memory corruption on deflate (i.e. compress) Adler, Mark (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) Alan Coopersmith (Mar 29)
- Re: zlib memory corruption on deflate (i.e. compress) Adler, Mark (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) John Helmert III (Mar 25)
- Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 26)
- Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) ariel . byd (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 28)
- Re: Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 28)
- Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 26)
- Re: zlib memory corruption on deflate (i.e. compress) Petr Štetiar (Mar 24)