CVE-2005-2096

NONE
Published Jul 6, 2005 · Last Modified Jun 16, 2026

Description

zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

Vendor  Product  Version  Range
zlib    zlib     1.2.0    any
zlib    zlib     1.2.1    any
zlib    zlib     1.2.2    any

References 56

  • ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
  • lists.apple.com http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
  • lists.apple.com http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
    Vendor Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
  • secunia.com http://secunia.com/advisories/15949
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/17054
  • secunia.com http://secunia.com/advisories/17225
  • secunia.com http://secunia.com/advisories/17236
  • secunia.com http://secunia.com/advisories/17326
  • secunia.com http://secunia.com/advisories/17516
  • secunia.com http://secunia.com/advisories/18377
  • secunia.com http://secunia.com/advisories/18406
  • secunia.com http://secunia.com/advisories/18507
  • secunia.com http://secunia.com/advisories/19550
  • secunia.com http://secunia.com/advisories/19597
  • secunia.com http://secunia.com/advisories/24788
  • secunia.com http://secunia.com/advisories/31492
  • secunia.com http://secunia.com/advisories/32706
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200507-05.xml
    Patch, Vendor Advisory
  • securitytracker.com http://securitytracker.com/id?1014398
    Vendor Advisory
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
    Patch, Vendor Advisory
  • support.apple.com http://support.apple.com/kb/HT3298
  • support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
  • debian.org http://www.debian.org/security/2005/dsa-740
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-797
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-1026
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/680620
    Third Party Advisory, US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-569.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2008-0629.html
  • securityfocus.com http://www.securityfocus.com/archive/1/421411/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/464745/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/482503/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/482505/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/482571/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/482601/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/482949/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/482950/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/14162
    Patch
  • ubuntulinux.org http://www.ubuntulinux.org/usn/usn-151-3
  • vmware.com http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
  • vmware.com http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
  • vupen.com http://www.vupen.com/english/advisories/2005/0978
  • vupen.com http://www.vupen.com/english/advisories/2006/0144
  • vupen.com http://www.vupen.com/english/advisories/2007/1267
  • bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
    Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542
  • usn.ubuntu.com https://usn.ubuntu.com/148-1/

Remediation

  • secunia.com http://secunia.com/advisories/15949
    Patch, Vendor Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200507-05.xml
    Patch, Vendor Advisory
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-740
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-797
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-569.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/14162
    Patch