PT-2017-2600 · Zlib+7

Published: 2016-12-21 · Updated: 2024-05-23 · CVE-2016-9841

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

zlib version 1.2.8

Description

The issue is caused by improper pointer arithmetic in the inffast.c component of the zlib library, which may allow remote attackers to impact the confidentiality, integrity, and availability of protected information. This can be achieved by exploiting errors in number processing, potentially leading to a denial of service. A remote attacker could exploit this by persuading a victim to open a specially crafted document, causing a denial of service due to a big-endian out-of-bounds pointer.

Recommendations

For zlib version 1.2.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1439
ALT-PU-2018-2668
ALT-PU-2018-2752
AZL-44316
AZL-45087
BDU:2017-01816
CVE-2016-9841
DLA-1725-1
DLA-2085-1
MGASA-2020-0108
OESA-2023-1422
OPENSUSE-SU-2017_2998-1
OPENSUSE-SU-2018_0042-1
PSF-2017-3
RHSA-2017:1220
RHSA-2017:1221
RHSA-2017:1222
RHSA-2017:2999
RHSA-2017:3046
RHSA-2017:3047
RHSA-2017:3453
RHSA-2017_1220
RHSA-2017_1221
RHSA-2017_1222
RHSA-2017_2999
RHSA-2017_3046
RHSA-2017_3047
SUSE-SU-2016:3209-1
SUSE-SU-2017:0003-1
SUSE-SU-2017:0004-1
SUSE-SU-2017:1384-1
SUSE-SU-2017:1385-1
SUSE-SU-2017:1386-1
SUSE-SU-2017:1387-1
SUSE-SU-2017:1389-1
SUSE-SU-2017:1444-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
SUSE-SU-2017:2989-1
SUSE-SU-2017:3235-1
SUSE-SU-2017:3369-1
SUSE-SU-2017:3411-1
SUSE-SU-2017:3440-1
SUSE-SU-2017:3455-1
SUSE-SU-2017_3235-1
SUSE-SU-2017_3369-1
SUSE-SU-2018:0005-1
SUSE-SU-2018:0061-1
SUSE-SU-2018:1815-1
USN-4246-1
USN-4292-1
USN-6736-1
USN-6736-2

Affected Products

ALT Linux
IBM AIX
Java Platform
Linux Mint
Red Hat
SUSE
Ubuntu
Zlib