oss-sec mailing list archives
Re: Re: zlib security audit by 7asecurity
From: Jan Engelhardt <ej () inai de>
Date: Wed, 18 Feb 2026 00:14:01 +0100 (CET)
On Tuesday 2026-02-17 22:21, Simon Josefsson wrote:
> Sam James <sam () gentoo org> writes:
>> * ZLB-01-001 WP2: Heap Buffer Overflow via Legacy gzprintf Implementation (High)
> That vulnerability seems to require that zlib was built with -DNO_vsnprintf -DNO_snprintf, targeting a system lacking 'snprintf'. Does anyone know of a real-world environment using that configuration?
Does Borland C++ 1.01 for DOS count?
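
A build-side check for the configuration discussed in the message above, added here as an example (not part of the original thread, and not zlib's own code): zlib reports at run time, through `zlibCompileFlags()`, which sprintf variant `gzprintf` was compiled against, with the bit meanings documented in zlib.h. The helper names and the sample flag values in the comments are constructed for illustration.

```python
import ctypes
import ctypes.util

# Bit positions documented in zlib.h for the value of zlibCompileFlags().
BIT_NO_VARARGS = 24   # 1 = s* variant: at most 20 arguments after the format
BIT_UNBOUNDED = 25    # 1 = *printf rather than *nprintf: gzprintf() not secure
BIT_VOID_RETURN = 26  # 1 = sprintf returns void, string length is inferred


def decode_gzprintf_flags(flags):
    """Decode the gzprintf-related bits of a zlibCompileFlags() value."""
    def bit(n):
        return bool((flags >> n) & 1)

    return {
        "uses_varargs": not bit(BIT_NO_VARARGS),
        "bounded_formatting": not bit(BIT_UNBOUNDED),
        "returns_length": not bit(BIT_VOID_RETURN),
    }


def loaded_zlib_flags():
    """Ask the shared zlib found on this system; None if it cannot be loaded."""
    name = ctypes.util.find_library("z")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    lib.zlibCompileFlags.restype = ctypes.c_ulong
    lib.zlibCompileFlags.argtypes = []
    return lib.zlibCompileFlags()


if __name__ == "__main__":
    flags = loaded_zlib_flags()
    if flags is None:
        print("no shared zlib found; nothing checked")
    else:
        info = decode_gzprintf_flags(flags)
        print("zlibCompileFlags() = %#x" % flags)
        if info["bounded_formatting"]:
            print("gzprintf uses a length-bounded *nprintf variant")
        else:
            print("gzprintf uses unbounded *printf: legacy configuration")
```

This inspects only the shared library that `ctypes` resolves; a copy of zlib linked statically or vendored into another program has to be checked from that program's own build flags.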
