Known Vulnerabilities for products from Zlib
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Zlib".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40036 json | Not Provided | 2026-04-08 | 2026-04-11 | |
| CVE-2026-39804 json | Not Provided | 2026-05-01 | 2026-05-04 | |
| CVE-2026-35469 json | Not Provided | 2026-04-16 | 2026-04-17 | |
| CVE-2026-27820 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-23943 json | Not Provided | 2026-03-13 | 2026-04-06 | |
| CVE-2026-6535 json | Not Provided | 2026-04-30 | 2026-04-30 | |
| CVE-2026-6100 json | Not Provided | 2026-04-13 | 2026-04-14 | |
| CVE-2026-4176 json | Not Provided | 2026-03-29 | 2026-03-30 | |
| CVE-2023-45853 json | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a... | 9.8 - CRITICAL | 2023-10-14 | 2024-01-24 |
| CVE-2022-37434 json | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extr... | 9.8 - CRITICAL | 2022-08-05 | 2023-07-19 |
| CVE-2018-25032 json | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 - HIGH | 2022-03-25 | 2023-11-07 |
| CVE-2016-9843 json | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vector... | Not Provided | 2017-05-23 | 2025-04-20 |
| CVE-2016-9842 json | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via ve... | Not Provided | 2017-05-23 | 2025-12-04 |
| CVE-2016-9841 json | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer ari... | Not Provided | 2017-05-23 | 2025-04-20 |
| CVE-2016-9840 json | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer ar... | Not Provided | 2017-05-23 | 2025-04-20 |
| CVE-2015-1191 json | Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full ... | Not Provided | 2015-01-21 | 2026-05-06 |
| CVE-2013-0296 json | Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file'... | Not Provided | 2014-04-27 | 2026-05-06 |
| CVE-2005-2096 json | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with... | Not Provided | 2005-07-06 | 2025-04-03 |
| CVE-2005-1849 json | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that ca... | Not Provided | 2005-07-26 | 2025-04-03 |
| CVE-2004-0797 json | The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to c... | Not Provided | 2004-10-20 | 2025-04-03 |