PT-2009-3906 · Unknown · Compress::Raw::Zlib

Leo Bergolth

·

Published

2009-06-16

·

Updated

2018-10-03

·

CVE-2009-1391

CVSS v2.0

6.8

Medium

Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Compress::Raw::Zlib versions prior to 2.017
Description An off-by-one error in the inflate function in Zlib.xs (the XS glue of Compress::Raw::Zlib) in versions before 2.017 lets a context-dependent attacker cause a denial of service (hang or crash) with a crafted zlib compressed stream that triggers a heap-based buffer overflow. The attacker is "context-dependent" because the module is rarely exposed directly: it is reached through whatever feeds it compressed data, such as mail filters (the CVE names AMaViS and SpamAssassin) that decompress attachments. Since the overflow is heap-based, the CVSS vector also rates a partial confidentiality and integrity impact rather than availability alone. The bug was triggered in the wild in June 2009 by the Trojan.Downloader-71014 malware, whose compressed payload crashed scanners built on the affected module.
Recommendations Upgrade Compress::Raw::Zlib to version 2.017 or later (or to a distribution package that backports the fix). Higher-level modules such as Compress::Zlib and IO::Uncompress::Inflate are built on Compress::Raw::Zlib and inherit the bug, so upgrading the raw module fixes them as well; Compress::Raw::Zlib also ships with the Perl core, so a core Perl update may be what delivers the fix. Until the upgrade is in place, do not feed untrusted zlib or gzip streams to the inflate path of an affected version; there is no configuration switch that disables the vulnerable code, so the workaround is to stop decompressing untrusted input with it.
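The version check and the interim gating described above, as an added example for this advisory (not code from the Compress::Raw::Zlib distribution). It reports whether the installed module predates 2.017, refuses to inflate data the caller marks as untrusted on an affected version, and round-trips a constructed sample so the inflate path is actually exercised. The `safe_inflate` wrapper and its `$untrusted` flag are assumptions about how a caller would gate input, not a module API:

```perl
#!/usr/bin/perl
# check_crz.pl: triage helper for CVE-2009-1391 (Compress::Raw::Zlib < 2.017).
# Added example for this advisory; not part of Compress::Raw::Zlib itself.
use strict;
use warnings;
use Compress::Raw::Zlib;   # exports Z_OK, Z_STREAM_END and friends by default

my $FIXED = 2.017;   # first release carrying the off-by-one fix in Zlib.xs

# Compress::Raw::Zlib uses plain decimal version strings (2.017, 2.020, 2.096, ...),
# so a numeric comparison is sufficient here.
sub affected_version {
    my ($v) = @_;
    $v =~ s/^v//;
    return $v < $FIXED ? 1 : 0;
}

# Hypothetical wrapper (an assumption about the calling code, not a module API):
# inflate $data, but refuse untrusted input while the installed module is affected.
sub safe_inflate {
    my ($data, $untrusted) = @_;
    my $ver = $Compress::Raw::Zlib::VERSION;
    if ($untrusted && affected_version($ver)) {
        die "Refusing to inflate untrusted data with Compress::Raw::Zlib $ver (CVE-2009-1391)\n";
    }
    my ($inf, $status) = Compress::Raw::Zlib::Inflate->new();
    die "inflate init failed: $status\n" unless $status == Z_OK;
    my $out = '';
    $status = $inf->inflate($data, $out);
    die "inflate failed with status $status\n"
        unless $status == Z_STREAM_END || $status == Z_OK;
    return $out;
}

# Constructed sample: compress a known string so we can verify the round trip.
my $plain = "constructed sample payload for the CVE-2009-1391 version check\n" x 8;
my ($def, $dstatus) = Compress::Raw::Zlib::Deflate->new();
die "deflate init failed: $dstatus\n" unless $dstatus == Z_OK;
my $compressed = '';
$def->deflate($plain, $compressed) == Z_OK or die "deflate failed\n";
$def->flush($compressed)            == Z_OK or die "flush failed\n";

my $ver = $Compress::Raw::Zlib::VERSION;
printf "Compress::Raw::Zlib %s (zlib %s): %s\n",
    $ver, Compress::Raw::Zlib::zlib_version(),
    affected_version($ver) ? "AFFECTED by CVE-2009-1391, upgrade to >= $FIXED"
                           : "not affected (>= $FIXED)";

# Trusted data is always inflated; untrusted data is inflated only on a fixed version.
my $trusted_out = safe_inflate($compressed, 0);
print "trusted round trip ", ($trusted_out eq $plain ? "ok" : "MISMATCH"), "\n";

my $untrusted_out = eval { safe_inflate($compressed, 1) };
print defined $untrusted_out ? "untrusted round trip ok\n" : "untrusted input blocked: $@";

exit(affected_version($ver) ? 1 : 0);   # non-zero exit lets the check run in a fleet script
```

The exit status makes the script usable from configuration management or a cron job: a non-zero result flags hosts that still carry an affected module. The gating in `safe_inflate` is only a stopgap; it does nothing for code paths that reach the module through Compress::Zlib or IO::Uncompress::*, which is why the upgrade is the real fix.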

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2009-1391

Affected Products

Compress::Raw::Zlib