Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2003:081

The remote host is missing updates announced in
advisory RHSA-2003:081.

Zlib is a general-purpose, patent-free, lossless data compression
library that is used by many different programs.

The function gzprintf within zlib, when called with a string longer than
Z_PRINTF_BUFSIZE (= 4096 bytes), can overflow without giving a warning.

zlib-1.1.4 and earlier exhibit this behavior. There are no known exploits
of the gzprintf overrun, and only a few programs, including rpm2html
and gimp-print, are known to use the gzprintf function.

The problem has been fixed by checking the length of the output string
within gzprintf.
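
The length check described above, as an added example (not code from zlib or from the advisory): the unchecked formatting pattern next to a version that bounds the write and rejects output that does not fit. OUT_BUFSIZE, sink_write, unchecked_printf and checked_printf are hypothetical names; the sink stands in for the compressed-stream write.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define OUT_BUFSIZE 4096   /* buffer size quoted in the advisory */

static size_t sink_total;  /* hypothetical sink standing in for the compressed write */
static int sink_write(const char *p, size_t n) { (void)p; sink_total += n; return (int)n; }

/* Unchecked pattern: vsprintf() is never told how large buf is, so formatted
 * output longer than OUT_BUFSIZE runs past the end of the stack buffer. */
int unchecked_printf(const char *fmt, ...)
{
    char buf[OUT_BUFSIZE];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);
    va_end(ap);
    return sink_write(buf, strlen(buf));
}

/* Checked pattern: bound the write, then test the length vsnprintf() reports. */
int checked_printf(const char *fmt, ...)
{
    char buf[OUT_BUFSIZE];
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    /* len < 0: formatting error; len >= sizeof(buf): output did not fit. */
    if (len <= 0 || (size_t)len >= sizeof(buf))
        return 0;                       /* refuse, write nothing */
    return sink_write(buf, (size_t)len);
}

int main(void)
{
    char big[5001];                     /* constructed over-long input */
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    printf("short: %d\n", checked_printf("%s", "hello"));
    printf("long:  %d\n", checked_printf("%s", big));
    return 0;
}
```

Callers of a function like checked_printf must treat a return of 0 as a failed write, since the over-long output is dropped rather than truncated.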

Please note that this update is available via Red Hat Network.
To use Red Hat Network, launch the Red Hat Update Agent with the
following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: BugTraq ID: 6913
Common Vulnerability Exposure (CVE) ID: CVE-2003-0107
Bugtraq: 20030222 buffer overrun in zlib 1.1.4
Bugtraq: 20030223 poc zlib sploit just for fun :)
Bugtraq: 20030224 Re: buffer overrun in zlib 1.1.4
Bugtraq: 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
Caldera Security Advisory: CSSA-2003-011.0
CERT/CC vulnerability note: VU#142121
Conectiva Linux advisory: CLSA-2003:619
NETBSD Security Advisory: NetBSD-SA2003-004
Copyright: Copyright (c) 2005 E-Soft Inc.