PT-2016-3192 · Zlib+5 · Zlib+5
Published: 2016-09-22 · Updated: 2024-08-28
CVE-2016-9842
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
zlib version 1.2.8
Description
The inflateMark function of the zlib library mishandles negative numbers. This could allow a remote attacker to cause unspecified impact, potentially compromising the confidentiality, integrity, and availability of protected information. The vulnerability might be exploited through vectors involving left shifts of negative integers, and it could also lead to a denial of service via a big-endian out-of-bounds pointer.
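The defect class named above, left-shifting a negative signed integer, is shown here as an added example; it is not zlib source and not code from this advisory. The function names and the layout (a signed upper field packed above a 16-bit lower field) are assumptions chosen for illustration.

```c
/* Added example, not zlib source. All names here are hypothetical. */
#include <stdio.h>

/* "Before" pattern: the shift is done on a signed value. When `back` is
 * negative (for example -1), `back << 16` is undefined behaviour in C
 * (C11 6.5.7p4). Kept for comparison only and never called below; building
 * with -fsanitize=shift (GCC/Clang UBSan) reports it at run time. */
long pack_mark_unsafe(long back, long low)
{
    return (back << 16) + low;
}

/* Hardened pattern: shift in unsigned arithmetic, where the result is
 * defined modulo 2^N, then convert back to signed. That conversion is
 * implementation-defined before C23; GCC and Clang wrap as expected. */
long pack_mark(long back, long low)
{
    return (long)((unsigned long)back << 16) + low;
}

/* Unpack without right-shifting a negative value.
 * Assumes the lower field satisfies 0 <= low < 65536. */
long mark_low(long mark)
{
    return mark & 0xffffL;
}

long mark_back(long mark)
{
    return (mark - mark_low(mark)) / 65536L;  /* exact division, no shift */
}

int main(void)
{
    long m = pack_mark(-1, 5);  /* constructed sample values */
    printf("mark=%ld back=%ld low=%ld\n", m, mark_back(m), mark_low(m));
    return 0;
}
```

Auditing a code base for this pattern is a matter of building the test suite with `-fsanitize=shift` and treating every report on a signed operand as a candidate for the unsigned form.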
Recommendations
For zlib version 1.2.8, consider disabling the inflateMark function as a temporary workaround until a patch is available. Restrict access to the zlib library to minimize the risk of exploitation. Avoid using the zlib library to process specially crafted documents until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Related identifiers
Affected products
ALT Linux
IBM AIX
Red Hat
SUSE
Ubuntu
Zlib