'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
|
SecurityTracker Alert ID: 1003783 |
SecurityTracker URL: http://securitytracker.com/id/1003783
|
CVE Reference:
CVE-2002-0059
(Links to External Site)
|
Date: Mar 11 2002
|
Impact:
Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.1.3
|
Description:
A vulnerability was reported in the zlib shared library, a widely used library that provides in-memory compress and decompression functions. A remote user could cause programs using this library to crash or to execute arbitrary code on the system.
It is reported that certain types of input will cause zlib to free the same area of memory twice (i.e., perform a "double free"), resulting in a buffer overflow condition when expanding compressed input. A remote user can cause programs that process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.
It is reported that web browsers or email programs that display image attachments or other programs that uncompress data may be particularly affected.
It is reported that Matthias Clasen <maclas@gmx.de> and Owen Taylor <otaylor@redhat.com> discovered this bug.
|
Impact:
A remote user can cause affected programs that use zlib to process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.
|
Solution:
The vendor has released a fixed version (1.1.3), available at:
http://www.gzip.org/zlib/
|
Vendor URL: www.gzip.org/zlib/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Subject: zlib bug
|
'zlib' Shared Compression Library Contains Double Free Buffer Overlow
That Lets Remote Users Cause Programs Using zlib to Crash or Execute
Arbitrary Code
Version: zlib 1.1.3
Vendor: Jean-loup Gailly and Mark Adler
Vendor URL: http://www.gzip.org/zlib/
A vulnerability was reported in the zlib shared library, a widely used
library that provides in-memory compress and decompression functions. A
remote user could cause programs using this library to crash or to
execute arbitrary code on the system.
It is reported that certain types of input will cause zlib to free the
same area of memory twice (i.e., perform a "double free"), resulting in
a buffer overflow condition.
A remote user can cause programs that process untrusted user-supplied
compressed input to crash or potentially execute arbitrary code on the
system.
It is reported that web browsers or email programs that display image
attachments or other programs that uncompress data may be particularly
affected.
It is reported that Matthias Clasen <maclas@gmx.de> and Owen Taylor
<otaylor@redhat.com> discovered this bug.
|
|