CVE-2018-25032
HIGH | Platform: macOS | Changelog
CVE Details
Description
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://seclists.org/fulldisclosure/2022/May/33 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/May/35 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/May/38 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/03/25/2 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/03/26/1 (Exploit, Mailing List, Third Party Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf (Third Party Advisory)
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 (Patch, Third Party Advisory)
- https://github.com/madler/zlib/compare/v1.2.11…v1.2.12 (Patch, Third Party Advisory)