PT-2005-5600 · Zlib+4 · Zlib-Devel+6
Matthew Miller · Published 1970-01-01 · Updated 2024-06-15
CVE-2005-2096
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
zlib versions 1.2 and later
zsync (affected versions not specified)
sash (affected versions not specified)
zlib-devel (affected versions not specified)
zlib-devel-32bit (affected versions not specified)
Description
The issue allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow. This can be demonstrated using a crafted PNG file. Exploitation of this vulnerability may lead to a disruption of the confidentiality, integrity, and availability of protected information.
Recommendations
For zlib versions 1.2 and later, consider updating to a version that fixes the buffer overflow issue.
For zsync, sash, zlib-devel, and zlib-devel-32bit, there is currently no information about a newer version that contains a fix for this vulnerability.
Affected Products
Png
Red Hat
Sash
Zlib
Zlib-Devel
Zlib-Devel-32Bit
Zsync