zlib

Vendor: zlib

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 3
Total RCEs (Remote Access): 2
Total CVEs (Total Indexed): 85
Avg. EPSS (Exploit Prob.): 17.81%
Latest CVE: CVE-2026-27171 (Feb 18)

Security Vulnerability Index

5.0 CVSS

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

EPSS: 7.99%

7.5 CVSS

zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

EPSS: 43.03%

2.1 CVSS

The error handling in the (1) inflate and (2) inflateBack functions in the zlib compression library 1.2.x allows local users to cause a denial of service (application crash).

EPSS: 2.23%

7.5 CVSS
CVE-2003-0107
Exploit Found

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

EPSS: 35.64%

9.8 CVSS

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

EPSS: 28.52%