oss-sec mailing list archives
Re: zlib security audit by 7asecurity
From: Simon Josefsson <simon () josefsson org>
Date: Tue, 17 Feb 2026 22:21:17 +0100

Great to see audits of widely used code! Gzip next?

Sam James <sam () gentoo org> writes:

> * ZLB-01-001 WP2: Heap Buffer Overflow via Legacy gzprintf Implementation (High)

That vulnerability seems to require that zlib was built with -DNO_vsnprintf -DNO_snprintf, targeting a system lacking 'snprintf'. Does anyone know of a real-world environment using that configuration? I don't see the applicability discussed in the report, and before assigning a severity rating to this problem, I think it is relevant to understand what environments really are affected.

/Simon
