PT-2026-2158 · Zlib · Zlib

Ron Edgerson · Published 2026-01-03 · Updated 2026-05-18 · CVE-2026-22184

CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: zlib versions up to and including 1.3.1.2

Description: zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function uses an unbounded strcpy() call to copy an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer without validating its length. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write, which can lead to memory corruption, denial of service, or code execution, depending on compiler, build flags, architecture, and memory layout. The overflow occurs before any archive parsing or validation takes place.

Recommendations: Update to zlib version 1.3.1.3 or higher. Monitor logs for untgz executions that involve unusually long filenames.
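The following is an added example, not zlib's own code or the actual fix, showing the check that the unbounded strcpy() into the 1024-byte static buffer lacks. The function names tgz_set_name(), tgz_get_name() and try_name_of_length() are hypothetical; only the 1024-byte buffer size comes from the advisory. The hardened copy measures the argument first and refuses anything that would not fit with its terminating NUL, so the program fails closed before any archive is opened.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed static buffer the advisory describes (1024 bytes). */
#define FNAME_MAX 1024

/* Fixed-size static global destination, mirroring the pattern in the advisory.
 * The vulnerable pattern is an unbounded strcpy(fname, argv[i]) into it. */
static char fname[FNAME_MAX];

/* Hardened replacement (hypothetical name, not zlib's own code): bounds-checks
 * the caller-supplied name before copying it into the static buffer.
 * Returns 0 on success and -1 if the name (plus its terminating NUL) would
 * not fit, so the caller can fail closed before any archive is opened. */
int tgz_set_name(const char *arg)
{
    size_t len;

    if (arg == NULL)
        return -1;
    /* argv[] strings are always NUL-terminated, so strlen() is safe here. */
    len = strlen(arg);
    if (len >= FNAME_MAX)          /* no room for the NUL: reject, do not truncate */
        return -1;
    memcpy(fname, arg, len + 1);   /* copy exactly the bytes measured, NUL included */
    return 0;
}

/* Read-only accessor for the stored name. */
const char *tgz_get_name(void)
{
    return fname;
}

/* Test helper (hypothetical): builds a constructed name of exactly `len` 'A'
 * characters and reports what tgz_set_name() does with it, without argv. */
int try_name_of_length(size_t len)
{
    int rc;
    char *name = malloc(len + 1);

    if (name == NULL)
        return -1;
    memset(name, 'A', len);
    name[len] = '\0';
    rc = tgz_set_name(name);
    free(name);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <archive-name>\n", argv[0]);
        return 2;
    }
    if (tgz_set_name(argv[1]) != 0) {
        fprintf(stderr, "archive name too long (max %d bytes)\n", FNAME_MAX - 1);
        return 1;
    }
    printf("archive name accepted: %s\n", tgz_get_name());
    return 0;
}
```

Rejecting rather than silently truncating is deliberate: a truncated name would point at a different file than the one the caller asked for, and a hard failure is also what leaves a clear trace in the execution logs the recommendation says to monitor.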

Exploit · Fix · DoS · RCE · Memory Corruption · Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-73964
AZL-73967
AZL-73991
AZL-73994
AZL-74003
BDU:2026-00376
CLEANSTART-2026-EP51501
CVE-2026-22184
MGASA-2026-0006

Affected Products

Zlib