Security vulnerabilities and automated fixes for zlib issues
2 posts found
A critical buffer overflow vulnerability was discovered and patched in zlib's `untgz.c` utility, where two unchecked `strcpy()` calls could allow attackers to corrupt memory by supplying an oversized archive name. This class of vulnerability has been responsible for some of the most devastating exploits in software history, making it essential for developers to understand how and why it happens. The fix eliminates unsafe string copying and replaces it with bounds-aware alternatives that prevent
A critical buffer overflow vulnerability was discovered and patched in a bundled zlib123 library, where the use of unsafe `sprintf()` and `vsprintf()` functions allowed attackers to overwrite adjacent memory by supplying specially crafted compressed data. This type of vulnerability can lead to remote code execution, making it one of the most severe classes of security bugs in systems programming. The fix addresses the root cause by replacing or constraining the unsafe function calls that lacked buff