Leo Bergolth

**Name of the Vulnerable Software and Affected Versions** Compress::Raw::Zlib versions prior to 2.017 **Description** The issue is related to an off-by-one error in the inflate function in Zlib.xs, which can be exploited by context-dependent attackers to cause a denial of service, resulting in a hang or crash. This is achieved through a crafted zlib compressed stream that triggers a heap-based buffer overflow. The issue has been exploited in the wild, for example, by Trojan.Downloader-71014 in June 2009. **Recommendations** For versions prior to 2.017, update to version 2.017 or later to resolve the issue. As a temporary workaround, consider restricting the use of the inflate function in Zlib.xs to minimize the risk of exploitation.