oss-sec mailing list archives
Re: Fwd: [FD] zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Thu, 15 Jan 2026 15:14:55 -0800
On 1/6/26 09:31, Alan Coopersmith wrote:
> I didn't see any mention of this in https://github.com/madler/zlib so I filed https://github.com/madler/zlib/issues/1142 . Note once again, this is in a utility in the contrib directory, not the main zlib library itself. (And 1.3.1.2 is not an actual release, but a git tag being used for other purposes - see https://github.com/madler/zlib/discussions/1128 .)

The bug has been closed now that untgz has been removed from the zlib contrib directory so that people stop harassing the zlib maintainers about code they don't maintain: https://github.com/madler/zlib/commit/1a40058a92d525aa49a6eac698cfde500fc9b92f

--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
