Category

Zlib

Security vulnerabilities and automated fixes for zlib issues

3 posts found

critical5 min

How buffer overflow via strcpy() happens in C zlib and how to fix it

A critical buffer overflow vulnerability was discovered in `general/libzlib/gzlib.c` where multiple `strcpy()` and `strcat()` calls operated without bounds checking. An attacker controlling file paths or error messages could overflow destination buffers, potentially achieving arbitrary code execution. The fix replaces these unsafe string operations with bounded `memcpy()` calls that respect pre-calculated buffer lengths.

#security#buffer-overflow#c+4 more
O
orbisai0security
Jul 6, 2026
critical8 min

Buffer Overflow in zlib's untgz.c: How strcpy() Puts Your App at Risk

A critical buffer overflow vulnerability was discovered and patched in zlib's `untgz.c` utility, where two unchecked `strcpy()` calls could allow attackers to corrupt memory by supplying an oversized archive name. This class of vulnerability has been responsible for some of the most devastating exploits in software history, making it essential for developers to understand how and why it happens. The fix eliminates unsafe string copying and replaces it with bounds-aware alternatives that prevent

#security#c#buffer-overflow+4 more
O
orbisai0security
May 17, 2026
critical8 min

Critical Buffer Overflow in zlib: When sprintf() Becomes a Security Nightmare

A critical buffer overflow vulnerability was discovered and patched in a bundled zlib123 library, where the use of unsafe sprintf() and vsprintf() functions allowed attackers to overwrite adjacent memory by supplying specially crafted compressed data. This type of vulnerability can lead to remote code execution, making it one of the most severe classes of security bugs in systems programming. The fix addresses the root cause by replacing or constraining the unsafe function calls that lacked buff

#buffer-overflow#c-security#zlib+4 more
O
orbisai0security
May 16, 2026